Add -brief option to s_client and s_server to summarise connection details.

 Changes between 1.0.x and 1.1.0  [xx XXX xxxx]

  *) New option -brief for s_client and s_server to print out a brief summary

     of connection parameters.

     [Steve Henson]

  *) Add functions to retrieve and manipulate the raw cipherlist sent by a

     client to OpenSSL.

     [Steve Henson]

                           unsigned char *authz, size_t authz_length);

# endif

int ssl_print_sigalgs(BIO *out, SSL *s);

int ssl_print_curves(BIO *out, SSL *s);

int ssl_print_curves(BIO *out, SSL *s, int noshared);

#endif

int ssl_print_tmp_key(BIO *out, SSL *s);

int init_client(int *sock, char *server, int port, int type);

int args_excert(char ***pargs, int *pargc,

			int *badarg, BIO *err, SSL_EXCERT **pexc);

int load_excert(SSL_EXCERT **pexc, BIO *err);

void print_ssl_summary(BIO *bio, SSL *s);

#define	COOKIE_SECRET_LENGTH	16

int verify_depth=0;

int verify_quiet=0;

int verify_error=X509_V_OK;

int verify_return_error=0;

unsigned char cookie_secret[COOKIE_SECRET_LENGTH];

	err=	X509_STORE_CTX_get_error(ctx);

	depth=	X509_STORE_CTX_get_error_depth(ctx);

	if (!verify_quiet || !ok)

		{

		BIO_printf(bio_err,"depth=%d ",depth);

		if (err_cert)

			{

		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),

			X509_NAME_print_ex(bio_err,

					X509_get_subject_name(err_cert),

					0, XN_FLAG_ONELINE);

			BIO_puts(bio_err, "\n");

			}

		else

			BIO_puts(bio_err, "<no cert>\n");

		}

	if (!ok)

		{

		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,

		policies_print(bio_err, ctx);

		break;

		}

	if (err == X509_V_OK && ok == 2)

	if (err == X509_V_OK && ok == 2 && !verify_quiet)

		policies_print(bio_err, ctx);

	if (ok && !verify_quiet)

		BIO_printf(bio_err,"verify return:%d\n",ok);

	return(ok);

	}

	return 1;

	}

int ssl_print_curves(BIO *out, SSL *s)

int ssl_print_curves(BIO *out, SSL *s, int noshared)

	{

	int i, ncurves, *curves, nid;

	const char *cname;

			BIO_printf(out, "%s", cname);

			}

		}

	if (ncurves == 0)

		BIO_puts(out, "NONE");

	if (noshared)

		{

		BIO_puts(out, "\n");

		return 1;

		}

	BIO_puts(out, "\nShared Elliptic curves: ");

	OPENSSL_free(curves);

	ncurves = SSL_get_shared_curve(s, -1);

	return 1;

	}

static void print_raw_cipherlist(BIO *bio, SSL *s)

	{

	const unsigned char *rlist;

	static const unsigned char scsv_id[] = {0, 0, 0xFF};

	size_t i, rlistlen, num;

	if (!SSL_is_server(s))

		return;

	num = SSL_get0_raw_cipherlist(s, NULL);

	rlistlen = SSL_get0_raw_cipherlist(s, &rlist);

	BIO_puts(bio, "Client cipher list: ");

	for (i = 0; i < rlistlen; i += num, rlist += num)

		{

		const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);

		if (i)

			BIO_puts(bio, ":");

		if (c)

			BIO_puts(bio, SSL_CIPHER_get_name(c));

		else if (!memcmp(rlist, scsv_id - num + 3, num))

			BIO_puts(bio, "SCSV");

		else

			{

			size_t j;

			BIO_puts(bio, "0x");

			for (j = 0; j < num; j++)

				BIO_printf(bio, "%02X", rlist[j]);

			}

		}

	BIO_puts(bio, "\n");

	}

void print_ssl_summary(BIO *bio, SSL *s)

	{

	const SSL_CIPHER *c;

	X509 *peer;

	/*const char *pnam = SSL_is_server(s) ? "client" : "server";*/

	BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));

	print_raw_cipherlist(bio, s);

	c = SSL_get_current_cipher(s);

	BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));

	do_print_sigalgs(bio, s, 0);

	peer = SSL_get_peer_certificate(s);

	if (peer)

		{

		int nid;

		BIO_puts(bio, "Peer certificate: ");

		X509_NAME_print_ex(bio, X509_get_subject_name(peer),

					0, XN_FLAG_ONELINE);

		BIO_puts(bio, "\n");

		if (SSL_get_peer_signature_nid(s, &nid))

			BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));

		}

	else

		BIO_puts(bio, "No peer certificate\n");

	if (peer)

		X509_free(peer);

	if (SSL_is_server(s))

		ssl_print_curves(bio, s, 1);

	else

		ssl_print_tmp_key(bio, s);

	}

extern int verify_depth;

extern int verify_error;

extern int verify_return_error;

extern int verify_quiet;

#ifdef FIONBIO

static int c_nbio=0;

static BIO *bio_c_msg=NULL;

static int c_quiet=0;

static int c_ign_eof=0;

static int c_brief=0;

#ifndef OPENSSL_NO_PSK

/* Default PSK identity and key */

			verify=SSL_VERIFY_PEER;

			if (--argc < 1) goto bad;

			verify_depth=atoi(*(++argv));

			if (!c_quiet)

				BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

			}

		else if	(strcmp(*argv,"-cert") == 0)

			}

		else if (strcmp(*argv,"-verify_return_error") == 0)

			verify_return_error = 1;

		else if (strcmp(*argv,"-verify_quiet") == 0)

			verify_quiet = 1;

		else if (strcmp(*argv,"-brief") == 0)

			{

			c_brief = 1;

			verify_quiet = 1;

			c_quiet = 1;

			}

		else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))

			{

			if (badarg)

					else 

						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);

					}

				if (c_brief)

					{

					BIO_puts(bio_err,

						"CONNECTION ESTABLISHED\n");

					print_ssl_summary(bio_err, con);

					}

				print_stuff(bio_c_out,con,full_log);

				if (full_log > 0) full_log--;

#undef PROG

#define PROG		s_server_main

extern int verify_depth, verify_return_error;

extern int verify_depth, verify_return_error, verify_quiet;

static char *cipher=NULL;

static int s_server_verify=SSL_VERIFY_NONE;

static int no_resume_ephemeral = 0;

static int s_msg=0;

static int s_quiet=0;

static int s_brief=0;

static char *keymatexportlabel=NULL;

static int keymatexportlen=20;

	s_debug=0;

	s_msg=0;

	s_quiet=0;

	s_brief=0;

	hack=0;

#ifndef OPENSSL_NO_ENGINE

	engine_id=NULL;

			}

		else if (strcmp(*argv,"-verify_return_error") == 0)

			verify_return_error = 1;

		else if (strcmp(*argv,"-verify_quiet") == 0)

			verify_quiet = 1;

		else if	(strcmp(*argv,"-serverpref") == 0)

			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }

		else if (strcmp(*argv,"-legacy_renegotiation") == 0)

			{ s_crlf=1; }

		else if	(strcmp(*argv,"-quiet") == 0)

			{ s_quiet=1; }

		else if	(strcmp(*argv,"-brief") == 0)

			{

			s_quiet=1;

			s_brief=1;

			verify_quiet=1;

			}

		else if	(strcmp(*argv,"-bugs") == 0)

			{ bugs=1; }

		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)

				}

			else

				i=raw_read_stdin(buf,bufsize);

			if (!s_quiet)

			if (!s_quiet && !s_brief)

				{

				if ((i <= 0) || (buf[0] == 'Q'))

					{

		return(0);

		}

	if (s_brief)

		print_ssl_summary(bio_err, con);

	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

	peer=SSL_get_peer_certificate(con);

		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);

	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));

	ssl_print_sigalgs(bio_s_out, con);

	ssl_print_curves(bio_s_out, con);

	ssl_print_curves(bio_s_out, con, 0);

	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

				BIO_puts(io,"\n");

				}

			ssl_print_sigalgs(io, con);

			ssl_print_curves(io, con);

			ssl_print_curves(io, con, 0);

			BIO_printf(io,(SSL_cache_hit(con)

				?"---\nReused, "

				:"---\nNew, "));