Fix SSL_set_tlsext_debug_callback/-tlsextdebug

Some extensions were being displayed twice, before they were parsed, and
again after they were parsed.
The supported_versions extension was not being fully displayed, as it
was processed differently than other extensions.

Move the debug callback to where the extensions are first collected, to
catch all the extensions as they come in, so they are ordered correctly.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3911)

ssl/statem/extensions.c

@@ -520,6 +520,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
             thisex->present = 1;
             thisex->type = type;
             thisex->received_order = i++;
+            if (s->ext.debug_cb)
+                s->ext.debug_cb(s, !s->server, thisex->type,
+                                PACKET_data(&thisex->data),
+                                PACKET_remaining(&thisex->data),
+                                s->ext.debug_arg);
         }
     }
 
@@ -571,12 +576,6 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
     if (!currext->present)
         return 1;
 
-    if (s->ext.debug_cb)
-        s->ext.debug_cb(s, !s->server, currext->type,
-                        PACKET_data(&currext->data),
-                        PACKET_remaining(&currext->data),
-                        s->ext.debug_arg);
-
     /* Skip if we've already parsed this extension */
     if (currext->parsed)
         return 1;