From 1a077b38c98382e9997fe9565ddacb8b5c815418 Mon Sep 17 00:00:00 2001
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Fri, 15 Nov 2024 09:49:43 +0100
Subject: [PATCH] s_cb.c: Move the negotiated group output

It needs to be always displayed not just with -brief.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25959)
---
 apps/lib/s_cb.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 3b3c0dd0b3..026315406e 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -418,8 +418,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
 {
     EVP_PKEY *key;
 
-    if (!SSL_get_peer_tmp_key(s, &key))
+    if (!SSL_get_peer_tmp_key(s, &key)) {
+        if (SSL_version(s) == TLS1_3_VERSION)
+            BIO_printf(out, "Negotiated TLS1.3 group: %s\n",
+                       SSL_group_to_name(s, SSL_get_negotiated_group(s)));
         return 1;
+    }
+
     BIO_puts(out, "Server Temp Key: ");
     switch (EVP_PKEY_get_id(key)) {
     case EVP_PKEY_RSA:
@@ -1327,12 +1332,8 @@ void print_ssl_summary(SSL *s)
     if (SSL_is_server(s))
         ssl_print_groups(bio_err, s, 1);
 #endif
-    if (!SSL_is_server(s)) {
-        if (SSL_version(s) == TLS1_3_VERSION)
-            BIO_printf(bio_err, "Negotiated TLS1.3 group: %s\n",
-                       SSL_group_to_name(s, SSL_get_negotiated_group(s)));
+    if (!SSL_is_server(s))
         ssl_print_tmp_key(bio_err, s);
-    }
 }
 
 int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,