Fix SSL_set_tlsext_debug_callback/-tlsextdebug

Some extensions were being displayed twice, before they were parsed, and
again after they were parsed.
The supported_versions extension was not being fully displayed, as it
was processed differently than other extensions.

Move the debug callback to where the extensions are first collected, to
catch all the extensions as they come in, so they are ordered correctly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3911)

1 files changed, 5 insertions, 6 deletions

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index ab9f0d3616..f62b1fe65f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -520,6 +520,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
             thisex->present = 1;
             thisex->type = type;
             thisex->received_order = i++;
+            if (s->ext.debug_cb)
+                s->ext.debug_cb(s, !s->server, thisex->type,
+                                PACKET_data(&thisex->data),
+                                PACKET_remaining(&thisex->data),
+                                s->ext.debug_arg);
         }
     }
 
@@ -571,12 +576,6 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
     if (!currext->present)
         return 1;
 
-    if (s->ext.debug_cb)
-        s->ext.debug_cb(s, !s->server, currext->type,
-                        PACKET_data(&currext->data),
-                        PACKET_remaining(&currext->data),
-                        s->ext.debug_arg);
-
     /* Skip if we've already parsed this extension */
     if (currext->parsed)
         return 1;