Reorganize SSL test structures

Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 445fda9..53ee0b4 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -45,7 +45,22 @@
     }
 ```
 
-The test section supports the following options:
+The test section supports the following options
+
+### Test mode
+
+* Method - the method to test. One of DTLS or TLS.
+
+* HandshakeMode - which handshake flavour to test:
+  - Simple - plain handshake (default)
+  - Resume - test resumption
+  - (Renegotiate - test renegotiation, not yet implemented)
+
+When HandshakeMode is Resume or Renegotiate, the original handshake is expected
+to succeed. All configured test expectations are verified against the second
+handshake.
+
+### Test expectations
 
 * ExpectedResult - expected handshake outcome. One of
   - Success - handshake success
@@ -53,54 +68,22 @@
   - ClientFail - clientside handshake failure
   - InternalError - some other error
 
-* ClientAlert, ServerAlert - expected alert. See `ssl_test_ctx.c` for known
-  values.
+* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
+  `ssl_test_ctx.c` for known values.
 
-* Protocol - expected negotiated protocol. One of
+* ExpectedProtocol - expected negotiated protocol. One of
   SSLv3, TLSv1, TLSv1.1, TLSv1.2.
 
-* ClientVerifyCallback - the client's custom certificate verify callback.
-  Used to test callback behaviour. One of
-  - None - no custom callback (default)
-  - AcceptAll - accepts all certificates.
-  - RejectAll - rejects all certificates.
-
-* Method - the method to test. One of DTLS or TLS.
-
-* ServerName - the server the client should attempt to connect to. One of
-  - None - do not use SNI (default)
-  - server1 - the initial context
-  - server2 - the secondary context
-  - invalid - an unknown context
-
-* ServerNameCallback - the SNI switching callback to use
-  - None - no callback (default)
-  - IgnoreMismatch - continue the handshake on SNI mismatch
-  - RejectMismatch - abort the handshake on SNI mismatch
-
 * SessionTicketExpected - whether or not a session ticket is expected
   - Ignore - do not check for a session ticket (default)
   - Yes - a session ticket is expected
   - No - a session ticket is not expected
-  - Broken - a special test case where the session ticket callback does not
-    initialize crypto
-
-* HandshakeMode - which handshake flavour to test:
-  - Simple - plain handshake (default)
-  - Resume - test resumption
-  - (Renegotiate - test renegotiation, not yet implemented)
 
 * ResumptionExpected - whether or not resumption is expected (Resume mode only)
   - Yes - resumed handshake
   - No - full handshake (default)
 
-When HandshakeMode is Resume or Renegotiate, the original handshake is expected
-to succeed. All configured test expectations are verified against the second handshake.
-
-* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol,
-  ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol -
-  NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list,
-  and a callback with the recommended behaviour will be installed automatically.
+* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
 
 ## Configuring the client and server
 
@@ -132,6 +115,52 @@
   whenever HandshakeMode is Resume. If the resume_client section is not present,
   then the configuration matches client.
 
+### Configuring callbacks and additional options
+
+Additional handshake settings can be configured in the `extra` section of each
+client and server:
+
+```
+client => {
+    "CipherString" => "DEFAULT",
+    extra => {
+        "ServerName" => "server2",
+    }
+}
+```
+
+#### Supported client-side options
+
+* ClientVerifyCallback - the client's custom certificate verify callback.
+  Used to test callback behaviour. One of
+  - None - no custom callback (default)
+  - AcceptAll - accepts all certificates.
+  - RejectAll - rejects all certificates.
+
+* ServerName - the server the client should attempt to connect to. One of
+  - None - do not use SNI (default)
+  - server1 - the initial context
+  - server2 - the secondary context
+  - invalid - an unknown context
+
+#### Supported server-side options
+
+* ServerNameCallback - the SNI switching callback to use
+  - None - no callback (default)
+  - IgnoreMismatch - continue the handshake on SNI mismatch
+  - RejectMismatch - abort the handshake on SNI mismatch
+
+* BrokenSessionTicket - a special test case where the session ticket callback
+  does not initialize crypto.
+  - No (default)
+  - Yes
+
+#### Mutually supported options
+
+* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
+  protocols can be specified as a comma-separated list, and a callback with the
+  recommended behaviour will be installed automatically.
+
 ### Default server and client configurations
 
 The default server certificate and CA files are added to the configurations