h2o / picotls Goto Github PK

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

CMake 1.30% C 97.54% Perl 0.59% C++ 0.01% DTrace 0.48% PowerShell 0.04% Makefile 0.06%

picotls's Introduction

H2O - an optimized HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3 (experimental)

Copyright (c) 2014-2019 DeNA Co., Ltd., Kazuho Oku, Tatsuhiko Kubo, Domingo Alvarez Duarte, Nick Desaulniers, Marc Hörsken, Masahiro Nagano, Jeff Marrison, Daisuke Maki, Laurentiu Nicola, Justin Zhu, Tatsuhiro Tsujikawa, Ryosuke Matsumoto, Masaki TAGAWA, Masayoshi Takahashi, Chul-Woong Yang, Shota Fukumori, Satoh Hiroh, Fastly, Inc., David Carlier, Frederik Deweerdt, Jonathan Foote, Yannick Koechlin, Harrison Bowden, Kazantsev Mikhail

H2O is a new generation HTTP server. Not only is it very fast, it also provides much quicker response to end-users when compared to older generations of HTTP servers.

Written in C and licensed under the MIT License, it can also be used as a library.

For more information, please refer to the documentation at h2o.examp1e.net.

Reporting Security Issues

Please report vulnerabilities to [email protected]. See SECURITY.md for more information.

picotls's People

Contributors

Stargazers

Watchers

Forkers

mattn syohex alagoutte codeguru85 cr09philip mattcaswell johnwas venkatarajasekhar kawasaki2013 embeddedsamurai deweerdt magurosan lekensteyn praveenmunagapati skyformat99 martinthomson moneytech bkchr fetus-hina ekr utumen shawnl mytbk yalpanian toru mimoo robguima jfoote ertlnagoya dtikhonov larseggert jalmeida85 magastzheng mathiasraoul vpp-quic simon-zh-0409 antoinerime steschu77 doytsujin suddas starrysec thomas-fossati dwaddington james-tr cwru-robotics hfujita doc22940 pluginized-protocols satoru-takeuchi herumi fengjixuchui syoyo vanc chaojilichen s-you jshuhnow codianselme bitfis francklinsimo gfx devnexen kwalzel jepio deviiiiant twingate b0r3dd3v ebonygoddessamber maxsharabayko yangyouqing sleepybishop spector-in-london gujjenaveen bearperson1 averms-forks bernardogomesnegri acidburn0zzz tatsuhiro-t classic130 yixingwang0517 zhangyiyanyan minhuw clayne getdnsapi makesoftwaresafe motiover chizi-chizi paulej sharksforarms airspuer saeid-jhn firstblue ntyunyayev jedisct1 clownsw davidkorczynski icodein fluffy quicr liuguohua-cn timevens

picotls's Issues

Send NewSessionTicket before receiving ClientFinished

Such behavior is desirable since we might never see ClientFinished (in case early-data is used and if the server succeeds in sending the entire response in 1-RTT).

Quote TLS 1.3 draft-18 section 4.5.1:

Although the resumption master secret depends on the client’s second flight, servers which do not request client authentication MAY compute the remainder of the transcript independently and then send a NewSessionTicket immediately upon sending its Finished rather than waiting for the client Finished.

picotls and curl

Hi!

Is there a way to compile curl with picotls?
It would be very useful to run client-side tests with HTTP(2).

Thank You
Martino

Early Data Exporter Secret not accessible through API

When 0-RTT is enabled, the Early Data export secret is set in "server_handle_hello()" after processing the incoming Client Hello, by a call to "derive_exporter_secret(tls, 1)" (line 2514). But after that, the code proceeds to send the Server Hello, the Encrypted Extension, the Certificate, the Certificate Verify, calls "send_finished()", and finally calls "derive_exporter_secret(tls, 0)" (line 2651). That calls erases the secret exported for early data line 2514, and replaces it by the exporter for application data.

That's a problem, because for QUIC I need to export both the early data secret and the application data secret. But I can only call the exporter function ptls_export_secret() after the call to ptls_handshake() completes, and at that point it is too later, the early data secret has been erased.

Support draft 22?

The README says:

At the moment, the library implements Draft 18 of the specification, including support 0-RTT resumption using PSK or PSK-DHE.

Is there a plan to support draft 22?

No resumption following HRR

In development of openssl/openssl#2341 I noticed that I can never seem to get picotls to resume if it sends a HelloRetryRequest during the resuming handshake. Is this a known restriction or a bug (possibly mine)?

Client certificate

Does picotls already supports sending client certificates and the verification of these certificates?

After looking into the code, I'm not 100% sure, but assume that this is currently not supported.

Feature Request: ChaCha20+Poly1305

Hi, Kazuho-san

I've just found that cifra already support ChaCha20+Poly1305, so there's any plan to support it in picotls?

Implement premaster/SSLKEYLOGFILE

Can you add support of new ke for SSLKEYLOFILE (premaster)

https://boringssl-review.googlesource.com/#/c/8841/

I will be help to add decrypt on #wireshark

Did some behavior change with version 23?

The Picoquic unit test for "session resume" are failing, following what looked like a change in behavior of the ptls_handshake() API. In the regular case (without resume), the API return code is 0. But in the session resume case, after processing the client hello, ptls_handshake() returns PTLS_ERROR_IN_PROGRESS instead of 0.

The workaround is easy, but this is surprising.

Memory leaks in ptls_handshake() after failed cert verification

The cert I am using is expired, and ptls_handshake returns error 45. That is OK, but some memory seems to leak in line picotls.c:3718 (see log below).

=================================================================
==31509==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 328 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #4 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #5 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #6 0x10d07a954 in verify_cert openssl.c:1086
    #7 0x10d078704 in handle_certificate picotls.c:2079
    #8 0x10d06e2ca in handle_input picotls.c:3444
    #9 0x10d06baaf in ptls_handshake picotls.c:3718
    #10 0x10d004224 in tls_io tls.c:953
    #11 0x10cfc3874 in process_stream0 conn.c:514
    #12 0x10cf9e0ed in rx conn.c:929
    #13 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #14 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #15 0x10cf2e9e6 in q_connect quic.c:231
    #16 0x10ceb90fb in get client.c:156
    #17 0x10ceb7231 in main client.c:271
    #18 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 894 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23e03d in asn1_enc_save (libcrypto.1.1.dylib:x86_64+0x2703d)
    #2 0x10d23a4f4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x234f4)
    #3 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #4 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #5 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #6 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #7 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #8 0x10d07a954 in verify_cert openssl.c:1086
    #9 0x10d078704 in handle_certificate picotls.c:2079
    #10 0x10d06e2ca in handle_input picotls.c:3444
    #11 0x10d06baaf in ptls_handshake picotls.c:3718
    #12 0x10d004224 in tls_io tls.c:953
    #13 0x10cfc3874 in process_stream0 conn.c:514
    #14 0x10cf9e0ed in rx conn.c:929
    #15 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #16 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #17 0x10cf2e9e6 in q_connect quic.c:231
    #18 0x10ceb90fb in get client.c:156
    #19 0x10ceb7231 in main client.c:271
    #20 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 520 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2567ad in bn_expand2 (libcrypto.1.1.dylib:x86_64+0x3f7ad)
    #3 0x10d256f69 in BN_set_bit (libcrypto.1.1.dylib:x86_64+0x3ff69)
    #4 0x10d257f76 in BN_MONT_CTX_set (libcrypto.1.1.dylib:x86_64+0x40f76)
    #5 0x10d25807b in BN_MONT_CTX_set_locked (libcrypto.1.1.dylib:x86_64+0x4107b)
    #6 0x10d320e41 in rsa_ossl_public_decrypt (libcrypto.1.1.dylib:x86_64+0x109e41)
    #7 0x10d324243 in int_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10d243)
    #8 0x10d3245d6 in RSA_verify (libcrypto.1.1.dylib:x86_64+0x10d5d6)
    #9 0x10d322741 in pkey_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10b741)
    #10 0x10d2eecf8 in EVP_DigestVerifyFinal (libcrypto.1.1.dylib:x86_64+0xd7cf8)
    #11 0x10d231b15 in ASN1_item_verify (libcrypto.1.1.dylib:x86_64+0x1ab15)
    #12 0x10d35922a in internal_verify (libcrypto.1.1.dylib:x86_64+0x14222a)
    #13 0x10d357bc0 in verify_chain (libcrypto.1.1.dylib:x86_64+0x140bc0)
    #14 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #15 0x10d07a9ea in verify_cert openssl.c:1016
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 310 byte(s) in 7 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #8 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #15 0x10d07a954 in verify_cert openssl.c:1086
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #4 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #5 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d07a954 in verify_cert openssl.c:1086
    #13 0x10d078704 in handle_certificate picotls.c:2079
    #14 0x10d06e2ca in handle_input picotls.c:3444
    #15 0x10d06baaf in ptls_handshake picotls.c:3718
    #16 0x10d004224 in tls_io tls.c:953
    #17 0x10cfc3874 in process_stream0 conn.c:514
    #18 0x10cf9e0ed in rx conn.c:929
    #19 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #20 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #21 0x10cf2e9e6 in q_connect quic.c:231
    #22 0x10ceb90fb in get client.c:156
    #23 0x10ceb7231 in main client.c:271
    #24 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 270 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d22ba9a in c2i_ASN1_BIT_STRING (libcrypto.1.1.dylib:x86_64+0x14a9a)
    #2 0x10d23ad40 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23d40)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #15 0x10d07a954 in verify_cert openssl.c:1086
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 264 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2567ad in bn_expand2 (libcrypto.1.1.dylib:x86_64+0x3f7ad)
    #3 0x10d256b32 in BN_bin2bn (libcrypto.1.1.dylib:x86_64+0x3fb32)
    #4 0x10d23e41b in bn_c2i (libcrypto.1.1.dylib:x86_64+0x2741b)
    #5 0x10d23ab74 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23b74)
    #6 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d31ce47 in rsa_pub_decode (libcrypto.1.1.dylib:x86_64+0x105e47)
    #13 0x10d35ec21 in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147c21)
    #14 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #15 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #16 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #17 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #18 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #19 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #20 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #21 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #22 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #23 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #24 0x10d07a954 in verify_cert openssl.c:1086
    #25 0x10d078704 in handle_certificate picotls.c:2079
    #26 0x10d06e2ca in handle_input picotls.c:3444
    #27 0x10d06baaf in ptls_handshake picotls.c:3718
    #28 0x10d004224 in tls_io tls.c:953
    #29 0x10cfc3874 in process_stream0 conn.c:514

Indirect leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d22ba9a in c2i_ASN1_BIT_STRING (libcrypto.1.1.dylib:x86_64+0x14a9a)
    #2 0x10d23ad40 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23d40)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #8 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #9 0x10d07a954 in verify_cert openssl.c:1086
    #10 0x10d078704 in handle_certificate picotls.c:2079
    #11 0x10d06e2ca in handle_input picotls.c:3444
    #12 0x10d06baaf in ptls_handshake picotls.c:3718
    #13 0x10d004224 in tls_io tls.c:953
    #14 0x10cfc3874 in process_stream0 conn.c:514
    #15 0x10cf9e0ed in rx conn.c:929
    #16 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #17 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #18 0x10cf2e9e6 in q_connect quic.c:231
    #19 0x10ceb90fb in get client.c:156
    #20 0x10ceb7231 in main client.c:271
    #21 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2567ad in bn_expand2 (libcrypto.1.1.dylib:x86_64+0x3f7ad)
    #3 0x10d256936 in BN_copy (libcrypto.1.1.dylib:x86_64+0x3f936)
    #4 0x10d257de7 in BN_MONT_CTX_set (libcrypto.1.1.dylib:x86_64+0x40de7)
    #5 0x10d25807b in BN_MONT_CTX_set_locked (libcrypto.1.1.dylib:x86_64+0x4107b)
    #6 0x10d320e41 in rsa_ossl_public_decrypt (libcrypto.1.1.dylib:x86_64+0x109e41)
    #7 0x10d324243 in int_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10d243)
    #8 0x10d3245d6 in RSA_verify (libcrypto.1.1.dylib:x86_64+0x10d5d6)
    #9 0x10d322741 in pkey_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10b741)
    #10 0x10d2eecf8 in EVP_DigestVerifyFinal (libcrypto.1.1.dylib:x86_64+0xd7cf8)
    #11 0x10d231b15 in ASN1_item_verify (libcrypto.1.1.dylib:x86_64+0x1ab15)
    #12 0x10d35922a in internal_verify (libcrypto.1.1.dylib:x86_64+0x14222a)
    #13 0x10d357bc0 in verify_chain (libcrypto.1.1.dylib:x86_64+0x140bc0)
    #14 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #15 0x10d07a9ea in verify_cert openssl.c:1016
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347984 in CRYPTO_THREAD_lock_new (libcrypto.1.1.dylib:x86_64+0x130984)
    #3 0x10d31f56c in RSA_new_method (libcrypto.1.1.dylib:x86_64+0x10856c)
    #4 0x10d31e5e2 in rsa_cb (libcrypto.1.1.dylib:x86_64+0x1075e2)
    #5 0x10d23c817 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25817)
    #6 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #7 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #8 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #9 0x10d31ce47 in rsa_pub_decode (libcrypto.1.1.dylib:x86_64+0x105e47)
    #10 0x10d35ec21 in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147c21)
    #11 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #12 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #13 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #14 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #15 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #16 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #17 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #18 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #19 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #20 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #21 0x10d07a954 in verify_cert openssl.c:1086
    #22 0x10d078704 in handle_certificate picotls.c:2079
    #23 0x10d06e2ca in handle_input picotls.c:3444
    #24 0x10d06baaf in ptls_handshake picotls.c:3718
    #25 0x10d004224 in tls_io tls.c:953
    #26 0x10cfc3874 in process_stream0 conn.c:514
    #27 0x10cf9e0ed in rx conn.c:929
    #28 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #29 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347984 in CRYPTO_THREAD_lock_new (libcrypto.1.1.dylib:x86_64+0x130984)
    #3 0x10d23df03 in asn1_do_lock (libcrypto.1.1.dylib:x86_64+0x26f03)
    #4 0x10d23c8fb in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258fb)
    #5 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #6 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #7 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #8 0x10d07a954 in verify_cert openssl.c:1086
    #9 0x10d078704 in handle_certificate picotls.c:2079
    #10 0x10d06e2ca in handle_input picotls.c:3444
    #11 0x10d06baaf in ptls_handshake picotls.c:3718
    #12 0x10d004224 in tls_io tls.c:953
    #13 0x10cfc3874 in process_stream0 conn.c:514
    #14 0x10cf9e0ed in rx conn.c:929
    #15 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #16 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #17 0x10cf2e9e6 in q_connect quic.c:231
    #18 0x10ceb90fb in get client.c:156
    #19 0x10ceb7231 in main client.c:271
    #20 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347984 in CRYPTO_THREAD_lock_new (libcrypto.1.1.dylib:x86_64+0x130984)
    #3 0x10d2efea3 in EVP_PKEY_new (libcrypto.1.1.dylib:x86_64+0xd8ea3)
    #4 0x10d35ebeb in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147beb)
    #5 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #6 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #15 0x10d07a954 in verify_cert openssl.c:1086
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 192 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d26554f in BUF_MEM_grow (libcrypto.1.1.dylib:x86_64+0x4e54f)
    #2 0x10d35e32e in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x14732e)
    #3 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d07a954 in verify_cert openssl.c:1086
    #13 0x10d078704 in handle_certificate picotls.c:2079
    #14 0x10d06e2ca in handle_input picotls.c:3444
    #15 0x10d06baaf in ptls_handshake picotls.c:3718
    #16 0x10d004224 in tls_io tls.c:953
    #17 0x10cfc3874 in process_stream0 conn.c:514
    #18 0x10cf9e0ed in rx conn.c:929
    #19 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #20 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #21 0x10cf2e9e6 in q_connect quic.c:231
    #22 0x10ceb90fb in get client.c:156
    #23 0x10ceb7231 in main client.c:271
    #24 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 168 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d31f558 in RSA_new_method (libcrypto.1.1.dylib:x86_64+0x108558)
    #3 0x10d31e5e2 in rsa_cb (libcrypto.1.1.dylib:x86_64+0x1075e2)
    #4 0x10d23c817 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25817)
    #5 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #6 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #7 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #8 0x10d31ce47 in rsa_pub_decode (libcrypto.1.1.dylib:x86_64+0x105e47)
    #9 0x10d35ec21 in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147c21)
    #10 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #11 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #12 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #13 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #14 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #15 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #16 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #17 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #18 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #19 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #20 0x10d07a954 in verify_cert openssl.c:1086
    #21 0x10d078704 in handle_certificate picotls.c:2079
    #22 0x10d06e2ca in handle_input picotls.c:3444
    #23 0x10d06baaf in ptls_handshake picotls.c:3718
    #24 0x10d004224 in tls_io tls.c:953
    #25 0x10cfc3874 in process_stream0 conn.c:514
    #26 0x10cf9e0ed in rx conn.c:929
    #27 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #28 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #29 0x10cf2e9e6 in q_connect quic.c:231

Indirect leak of 137 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d35e90e in x509_name_canon (libcrypto.1.1.dylib:x86_64+0x14790e)
    #2 0x10d35e3d5 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x1473d5)
    #3 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d07a954 in verify_cert openssl.c:1086
    #13 0x10d078704 in handle_certificate picotls.c:2079
    #14 0x10d06e2ca in handle_input picotls.c:3444
    #15 0x10d06baaf in ptls_handshake picotls.c:3718
    #16 0x10d004224 in tls_io tls.c:953
    #17 0x10cfc3874 in process_stream0 conn.c:514
    #18 0x10cf9e0ed in rx conn.c:929
    #19 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #20 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #21 0x10cf2e9e6 in q_connect quic.c:231
    #22 0x10ceb90fb in get client.c:156
    #23 0x10ceb7231 in main client.c:271
    #24 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 120 byte(s) in 5 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d23cbbb in asn1_primitive_new (libcrypto.1.1.dylib:x86_64+0x25bbb)
    #4 0x10d23c863 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25863)
    #5 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #6 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #7 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #8 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #9 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #10 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #11 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #12 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #13 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #14 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #15 0x10d35e2e7 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x1472e7)
    #16 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #17 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #18 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #19 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #20 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #21 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #22 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #23 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #24 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #25 0x10d07a954 in verify_cert openssl.c:1086
    #26 0x10d078704 in handle_certificate picotls.c:2079
    #27 0x10d06e2ca in handle_input picotls.c:3444
    #28 0x10d06baaf in ptls_handshake picotls.c:3718
    #29 0x10d004224 in tls_io tls.c:953

Indirect leak of 120 byte(s) in 5 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #4 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #7 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d35e2e7 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x1472e7)
    #12 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #13 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #14 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #15 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #16 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #17 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #18 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #19 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #20 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #21 0x10d07a954 in verify_cert openssl.c:1086
    #22 0x10d078704 in handle_certificate picotls.c:2079
    #23 0x10d06e2ca in handle_input picotls.c:3444
    #24 0x10d06baaf in ptls_handshake picotls.c:3718
    #25 0x10d004224 in tls_io tls.c:953
    #26 0x10cfc3874 in process_stream0 conn.c:514
    #27 0x10cf9e0ed in rx conn.c:929
    #28 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #29 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)

Indirect leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d257ca6 in BN_MONT_CTX_new (libcrypto.1.1.dylib:x86_64+0x40ca6)
    #2 0x10d258065 in BN_MONT_CTX_set_locked (libcrypto.1.1.dylib:x86_64+0x41065)
    #3 0x10d320e41 in rsa_ossl_public_decrypt (libcrypto.1.1.dylib:x86_64+0x109e41)
    #4 0x10d324243 in int_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10d243)
    #5 0x10d3245d6 in RSA_verify (libcrypto.1.1.dylib:x86_64+0x10d5d6)
    #6 0x10d322741 in pkey_rsa_verify (libcrypto.1.1.dylib:x86_64+0x10b741)
    #7 0x10d2eecf8 in EVP_DigestVerifyFinal (libcrypto.1.1.dylib:x86_64+0xd7cf8)
    #8 0x10d231b15 in ASN1_item_verify (libcrypto.1.1.dylib:x86_64+0x1ab15)
    #9 0x10d35922a in internal_verify (libcrypto.1.1.dylib:x86_64+0x14222a)
    #10 0x10d357bc0 in verify_chain (libcrypto.1.1.dylib:x86_64+0x140bc0)
    #11 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #12 0x10d07a9ea in verify_cert openssl.c:1016
    #13 0x10d078704 in handle_certificate picotls.c:2079
    #14 0x10d06e2ca in handle_input picotls.c:3444
    #15 0x10d06baaf in ptls_handshake picotls.c:3718
    #16 0x10d004224 in tls_io tls.c:953
    #17 0x10cfc3874 in process_stream0 conn.c:514
    #18 0x10cf9e0ed in rx conn.c:929
    #19 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #20 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #21 0x10cf2e9e6 in q_connect quic.c:231
    #22 0x10ceb90fb in get client.c:156
    #23 0x10ceb7231 in main client.c:271
    #24 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 87 byte(s) in 5 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #10 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d35e2e7 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x1472e7)
    #15 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #16 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #17 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #18 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #19 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #20 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #21 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #22 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #23 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #24 0x10d07a954 in verify_cert openssl.c:1086
    #25 0x10d078704 in handle_certificate picotls.c:2079
    #26 0x10d06e2ca in handle_input picotls.c:3444
    #27 0x10d06baaf in ptls_handshake picotls.c:3718
    #28 0x10d004224 in tls_io tls.c:953
    #29 0x10cfc3874 in process_stream0 conn.c:514

Indirect leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347548 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130548)
    #3 0x10d35e19a in x509_name_ex_new (libcrypto.1.1.dylib:x86_64+0x14719a)
    #4 0x10d35e313 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x147313)
    #5 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d35e18d in x509_name_ex_new (libcrypto.1.1.dylib:x86_64+0x14718d)
    #3 0x10d35e313 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x147313)
    #4 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #5 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #6 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #7 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #8 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #9 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #10 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #11 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #12 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #13 0x10d07a954 in verify_cert openssl.c:1086
    #14 0x10d078704 in handle_certificate picotls.c:2079
    #15 0x10d06e2ca in handle_input picotls.c:3444
    #16 0x10d06baaf in ptls_handshake picotls.c:3718
    #17 0x10d004224 in tls_io tls.c:953
    #18 0x10cfc3874 in process_stream0 conn.c:514
    #19 0x10cf9e0ed in rx conn.c:929
    #20 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #21 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #22 0x10cf2e9e6 in q_connect quic.c:231
    #23 0x10ceb90fb in get client.c:156
    #24 0x10ceb7231 in main client.c:271
    #25 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2efe84 in EVP_PKEY_new (libcrypto.1.1.dylib:x86_64+0xd8e84)
    #3 0x10d35ebeb in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147beb)
    #4 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #5 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 72 byte(s) in 3 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d23cbbb in asn1_primitive_new (libcrypto.1.1.dylib:x86_64+0x25bbb)
    #4 0x10d23c863 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25863)
    #5 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #6 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #7 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #8 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #9 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #10 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #11 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cfb7 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56fb7)
    #1 0x10d347616 in OPENSSL_sk_insert (libcrypto.1.1.dylib:x86_64+0x130616)
    #2 0x10d23b44a in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2444a)
    #3 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #4 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #5 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #6 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #7 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #8 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #9 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #10 0x10d07a954 in verify_cert openssl.c:1086
    #11 0x10d078704 in handle_certificate picotls.c:2079
    #12 0x10d06e2ca in handle_input picotls.c:3444
    #13 0x10d06baaf in ptls_handshake picotls.c:3718
    #14 0x10d004224 in tls_io tls.c:953
    #15 0x10cfc3874 in process_stream0 conn.c:514
    #16 0x10cf9e0ed in rx conn.c:929
    #17 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #18 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #19 0x10cf2e9e6 in q_connect quic.c:231
    #20 0x10ceb90fb in get client.c:156
    #21 0x10ceb7231 in main client.c:271
    #22 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d26542b in BUF_MEM_new (libcrypto.1.1.dylib:x86_64+0x4e42b)
    #3 0x10d35e1a7 in x509_name_ex_new (libcrypto.1.1.dylib:x86_64+0x1471a7)
    #4 0x10d35e313 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x147313)
    #5 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347566 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130566)
    #3 0x10d35e19a in x509_name_ex_new (libcrypto.1.1.dylib:x86_64+0x14719a)
    #4 0x10d35e313 in x509_name_ex_d2i (libcrypto.1.1.dylib:x86_64+0x147313)
    #5 0x10d239e67 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22e67)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2566ff in BN_new (libcrypto.1.1.dylib:x86_64+0x3f6ff)
    #3 0x10d23e405 in bn_c2i (libcrypto.1.1.dylib:x86_64+0x27405)
    #4 0x10d23ab74 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23b74)
    #5 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #10 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #11 0x10d31ce47 in rsa_pub_decode (libcrypto.1.1.dylib:x86_64+0x105e47)
    #12 0x10d35ec21 in x509_pubkey_decode (libcrypto.1.1.dylib:x86_64+0x147c21)
    #13 0x10d35f196 in pubkey_cb (libcrypto.1.1.dylib:x86_64+0x148196)
    #14 0x10d23a511 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23511)
    #15 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #16 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #17 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #18 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #19 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #20 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #21 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #22 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #23 0x10d07a954 in verify_cert openssl.c:1086
    #24 0x10d078704 in handle_certificate picotls.c:2079
    #25 0x10d06e2ca in handle_input picotls.c:3444
    #26 0x10d06baaf in ptls_handshake picotls.c:3718
    #27 0x10d004224 in tls_io tls.c:953
    #28 0x10cfc3874 in process_stream0 conn.c:514
    #29 0x10cf9e0ed in rx conn.c:929

Indirect leak of 44 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b387 in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x24387)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a20c in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x2320c)
    #7 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d239fb5 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22fb5)
    #10 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #11 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #12 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #13 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #14 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #15 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #16 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #17 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #18 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #19 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #20 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #21 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #22 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #23 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #24 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #25 0x10d07a9ea in verify_cert openssl.c:1016
    #26 0x10d078704 in handle_certificate picotls.c:2079
    #27 0x10d06e2ca in handle_input picotls.c:3444
    #28 0x10d06baaf in ptls_handshake picotls.c:3718
    #29 0x10d004224 in tls_io tls.c:953

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347548 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130548)
    #3 0x10d23b3ce in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x243ce)
    #4 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #5 0x10d239fb5 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22fb5)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #15 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #16 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #17 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #18 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #19 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #20 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #21 0x10d07a9ea in verify_cert openssl.c:1016
    #22 0x10d078704 in handle_certificate picotls.c:2079
    #23 0x10d06e2ca in handle_input picotls.c:3444
    #24 0x10d06baaf in ptls_handshake picotls.c:3718
    #25 0x10d004224 in tls_io tls.c:953
    #26 0x10cfc3874 in process_stream0 conn.c:514
    #27 0x10cf9e0ed in rx conn.c:929
    #28 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #29 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347548 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130548)
    #3 0x10d23b3ce in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x243ce)
    #4 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #5 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #6 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #7 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #8 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #9 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #10 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #11 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #12 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #13 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #14 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #15 0x10d07a9ea in verify_cert openssl.c:1016
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347548 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130548)
    #3 0x10d23b3ce in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x243ce)
    #4 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #5 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #10 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #11 0x10d07a954 in verify_cert openssl.c:1086
    #12 0x10d078704 in handle_certificate picotls.c:2079
    #13 0x10d06e2ca in handle_input picotls.c:3444
    #14 0x10d06baaf in ptls_handshake picotls.c:3718
    #15 0x10d004224 in tls_io tls.c:953
    #16 0x10cfc3874 in process_stream0 conn.c:514
    #17 0x10cf9e0ed in rx conn.c:929
    #18 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #19 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #20 0x10cf2e9e6 in q_connect quic.c:231
    #21 0x10ceb90fb in get client.c:156
    #22 0x10ceb7231 in main client.c:271
    #23 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347566 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130566)
    #3 0x10d23b3ce in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x243ce)
    #4 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #5 0x10d239fb5 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22fb5)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #15 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #16 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #17 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #18 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #19 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #20 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #21 0x10d07a9ea in verify_cert openssl.c:1016
    #22 0x10d078704 in handle_certificate picotls.c:2079
    #23 0x10d06e2ca in handle_input picotls.c:3444
    #24 0x10d06baaf in ptls_handshake picotls.c:3718
    #25 0x10d004224 in tls_io tls.c:953
    #26 0x10cfc3874 in process_stream0 conn.c:514
    #27 0x10cf9e0ed in rx conn.c:929
    #28 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #29 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #4 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #7 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #8 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #9 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #10 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #11 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #12 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #13 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #14 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #15 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #16 0x10d07a9ea in verify_cert openssl.c:1016
    #17 0x10d078704 in handle_certificate picotls.c:2079
    #18 0x10d06e2ca in handle_input picotls.c:3444
    #19 0x10d06baaf in ptls_handshake picotls.c:3718
    #20 0x10d004224 in tls_io tls.c:953
    #21 0x10cfc3874 in process_stream0 conn.c:514
    #22 0x10cf9e0ed in rx conn.c:929
    #23 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #24 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #25 0x10cf2e9e6 in q_connect quic.c:231
    #26 0x10ceb90fb in get client.c:156
    #27 0x10ceb7231 in main client.c:271
    #28 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d347566 in OPENSSL_sk_new (libcrypto.1.1.dylib:x86_64+0x130566)
    #3 0x10d23b3ce in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x243ce)
    #4 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #5 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #6 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #7 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #8 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #9 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #10 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #11 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #12 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #13 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #14 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #15 0x10d07a9ea in verify_cert openssl.c:1016
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 28 byte(s) in 2 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #15 0x10d07a954 in verify_cert openssl.c:1086
    #16 0x10d078704 in handle_certificate picotls.c:2079
    #17 0x10d06e2ca in handle_input picotls.c:3444
    #18 0x10d06baaf in ptls_handshake picotls.c:3718
    #19 0x10d004224 in tls_io tls.c:953
    #20 0x10cfc3874 in process_stream0 conn.c:514
    #21 0x10cf9e0ed in rx conn.c:929
    #22 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #23 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #24 0x10cf2e9e6 in q_connect quic.c:231
    #25 0x10ceb90fb in get client.c:156
    #26 0x10ceb7231 in main client.c:271
    #27 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d23add5 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23dd5)
    #4 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #5 0x10d23b387 in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x24387)
    #6 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #7 0x10d23a20c in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x2320c)
    #8 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #9 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #10 0x10d239fb5 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22fb5)
    #11 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #12 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #13 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #14 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #15 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #16 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #17 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #18 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #19 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #20 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #21 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #22 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #23 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #24 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #25 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #26 0x10d07a9ea in verify_cert openssl.c:1016
    #27 0x10d078704 in handle_certificate picotls.c:2079
    #28 0x10d06e2ca in handle_input picotls.c:3444
    #29 0x10d06baaf in ptls_handshake picotls.c:3718

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c998 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25998)
    #3 0x10d239f60 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22f60)
    #4 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #5 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #8 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #9 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #13 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #14 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #15 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #16 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #17 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #18 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #19 0x10d07a9ea in verify_cert openssl.c:1016
    #20 0x10d078704 in handle_certificate picotls.c:2079
    #21 0x10d06e2ca in handle_input picotls.c:3444
    #22 0x10d06baaf in ptls_handshake picotls.c:3718
    #23 0x10d004224 in tls_io tls.c:953
    #24 0x10cfc3874 in process_stream0 conn.c:514
    #25 0x10cf9e0ed in rx conn.c:929
    #26 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #27 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #28 0x10cf2e9e6 in q_connect quic.c:231
    #29 0x10ceb90fb in get client.c:156

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d22cf68 in c2i_ASN1_INTEGER (libcrypto.1.1.dylib:x86_64+0x15f68)
    #4 0x10d23ac0b in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23c0b)
    #5 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #4 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #5 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #6 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #7 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #8 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #9 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #10 0x10d07a954 in verify_cert openssl.c:1086
    #11 0x10d078704 in handle_certificate picotls.c:2079
    #12 0x10d06e2ca in handle_input picotls.c:3444
    #13 0x10d06baaf in ptls_handshake picotls.c:3718
    #14 0x10d004224 in tls_io tls.c:953
    #15 0x10cfc3874 in process_stream0 conn.c:514
    #16 0x10cf9e0ed in rx conn.c:929
    #17 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #18 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #19 0x10cf2e9e6 in q_connect quic.c:231
    #20 0x10ceb90fb in get client.c:156
    #21 0x10ceb7231 in main client.c:271
    #22 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d23add5 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23dd5)
    #4 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #5 0x10d23b387 in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x24387)
    #6 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #7 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #8 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #9 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #10 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #11 0x10d36c56b in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x15556b)
    #12 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #13 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #14 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #15 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #16 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #17 0x10d07a9ea in verify_cert openssl.c:1016
    #18 0x10d078704 in handle_certificate picotls.c:2079
    #19 0x10d06e2ca in handle_input picotls.c:3444
    #20 0x10d06baaf in ptls_handshake picotls.c:3718
    #21 0x10d004224 in tls_io tls.c:953
    #22 0x10cfc3874 in process_stream0 conn.c:514
    #23 0x10cf9e0ed in rx conn.c:929
    #24 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #25 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #26 0x10cf2e9e6 in q_connect quic.c:231
    #27 0x10ceb90fb in get client.c:156
    #28 0x10ceb7231 in main client.c:271
    #29 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #4 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #5 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #6 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #7 0x10d36c56b in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x15556b)
    #8 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #9 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #10 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #11 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #12 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #13 0x10d07a9ea in verify_cert openssl.c:1016
    #14 0x10d078704 in handle_certificate picotls.c:2079
    #15 0x10d06e2ca in handle_input picotls.c:3444
    #16 0x10d06baaf in ptls_handshake picotls.c:3718
    #17 0x10d004224 in tls_io tls.c:953
    #18 0x10cfc3874 in process_stream0 conn.c:514
    #19 0x10cf9e0ed in rx conn.c:929
    #20 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #21 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #22 0x10cf2e9e6 in q_connect quic.c:231
    #23 0x10ceb90fb in get client.c:156
    #24 0x10ceb7231 in main client.c:271
    #25 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d2338ba in ASN1_STRING_type_new (libcrypto.1.1.dylib:x86_64+0x1c8ba)
    #3 0x10d23add5 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23dd5)
    #4 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #5 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #6 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #7 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #8 0x10d36c553 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155553)
    #9 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #10 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #11 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #12 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #13 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #14 0x10d07a9ea in verify_cert openssl.c:1016
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 21 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d23b387 in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x24387)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #7 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #8 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #9 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #10 0x10d36c56b in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x15556b)
    #11 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #12 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #13 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #14 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #15 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #16 0x10d07a9ea in verify_cert openssl.c:1016
    #17 0x10d078704 in handle_certificate picotls.c:2079
    #18 0x10d06e2ca in handle_input picotls.c:3444
    #19 0x10d06baaf in ptls_handshake picotls.c:3718
    #20 0x10d004224 in tls_io tls.c:953
    #21 0x10cfc3874 in process_stream0 conn.c:514
    #22 0x10cf9e0ed in rx conn.c:929
    #23 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #24 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #25 0x10cf2e9e6 in q_connect quic.c:231
    #26 0x10ceb90fb in get client.c:156
    #27 0x10ceb7231 in main client.c:271
    #28 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 21 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d23ae34 in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23e34)
    #3 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #4 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #5 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #6 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #7 0x10d36c553 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155553)
    #8 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #9 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #10 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #11 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #12 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #13 0x10d07a9ea in verify_cert openssl.c:1016
    #14 0x10d078704 in handle_certificate picotls.c:2079
    #15 0x10d06e2ca in handle_input picotls.c:3444
    #16 0x10d06baaf in ptls_handshake picotls.c:3718
    #17 0x10d004224 in tls_io tls.c:953
    #18 0x10cfc3874 in process_stream0 conn.c:514
    #19 0x10cf9e0ed in rx conn.c:929
    #20 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #21 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #22 0x10cf2e9e6 in q_connect quic.c:231
    #23 0x10ceb90fb in get client.c:156
    #24 0x10ceb7231 in main client.c:271
    #25 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 17 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d22cf84 in c2i_ASN1_INTEGER (libcrypto.1.1.dylib:x86_64+0x15f84)
    #3 0x10d23ac0b in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23c0b)
    #4 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #5 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #6 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #7 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #8 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #9 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #10 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #11 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #12 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #13 0x10d07a954 in verify_cert openssl.c:1086
    #14 0x10d078704 in handle_certificate picotls.c:2079
    #15 0x10d06e2ca in handle_input picotls.c:3444
    #16 0x10d06baaf in ptls_handshake picotls.c:3718
    #17 0x10d004224 in tls_io tls.c:953
    #18 0x10cfc3874 in process_stream0 conn.c:514
    #19 0x10cf9e0ed in rx conn.c:929
    #20 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #21 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #22 0x10cf2e9e6 in q_connect quic.c:231
    #23 0x10ceb90fb in get client.c:156
    #24 0x10ceb7231 in main client.c:271
    #25 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23cbfb in asn1_primitive_new (libcrypto.1.1.dylib:x86_64+0x25bfb)
    #2 0x10d23c863 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25863)
    #3 0x10d23c798 in ASN1_item_new (libcrypto.1.1.dylib:x86_64+0x25798)
    #4 0x10d23ab9e in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23b9e)
    #5 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #13 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #14 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #15 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #16 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #17 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #18 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #19 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #20 0x10d07a954 in verify_cert openssl.c:1086
    #21 0x10d078704 in handle_certificate picotls.c:2079
    #22 0x10d06e2ca in handle_input picotls.c:3444
    #23 0x10d06baaf in ptls_handshake picotls.c:3718
    #24 0x10d004224 in tls_io tls.c:953
    #25 0x10cfc3874 in process_stream0 conn.c:514
    #26 0x10cf9e0ed in rx conn.c:929
    #27 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #28 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #29 0x10cf2e9e6 in q_connect quic.c:231

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23cbfb in asn1_primitive_new (libcrypto.1.1.dylib:x86_64+0x25bfb)
    #2 0x10d23c863 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25863)
    #3 0x10d23c798 in ASN1_item_new (libcrypto.1.1.dylib:x86_64+0x25798)
    #4 0x10d23ab9e in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23b9e)
    #5 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #13 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #14 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #15 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #16 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #17 0x10d07a954 in verify_cert openssl.c:1086
    #18 0x10d078704 in handle_certificate picotls.c:2079
    #19 0x10d06e2ca in handle_input picotls.c:3444
    #20 0x10d06baaf in ptls_handshake picotls.c:3718
    #21 0x10d004224 in tls_io tls.c:953
    #22 0x10cfc3874 in process_stream0 conn.c:514
    #23 0x10cf9e0ed in rx conn.c:929
    #24 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #25 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #26 0x10cf2e9e6 in q_connect quic.c:231
    #27 0x10ceb90fb in get client.c:156
    #28 0x10ceb7231 in main client.c:271
    #29 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c998 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25998)
    #3 0x10d239f60 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22f60)
    #4 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #5 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #6 0x10d239fb5 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22fb5)
    #7 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #8 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #9 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #10 0x10d23b42d in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2442d)
    #11 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #12 0x10d239db8 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x22db8)
    #13 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #14 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #15 0x10d369de5 in X509V3_EXT_d2i (libcrypto.1.1.dylib:x86_64+0x152de5)
    #16 0x10d36c629 in x509v3_cache_extensions (libcrypto.1.1.dylib:x86_64+0x155629)
    #17 0x10d36cd81 in X509_check_issued (libcrypto.1.1.dylib:x86_64+0x155d81)
    #18 0x10d359046 in check_issued (libcrypto.1.1.dylib:x86_64+0x142046)
    #19 0x10d35a308 in find_issuer (libcrypto.1.1.dylib:x86_64+0x143308)
    #20 0x10d3571ce in verify_chain (libcrypto.1.1.dylib:x86_64+0x1401ce)
    #21 0x10d356c8d in X509_verify_cert (libcrypto.1.1.dylib:x86_64+0x13fc8d)
    #22 0x10d07a9ea in verify_cert openssl.c:1016
    #23 0x10d078704 in handle_certificate picotls.c:2079
    #24 0x10d06e2ca in handle_input picotls.c:3444
    #25 0x10d06baaf in ptls_handshake picotls.c:3718
    #26 0x10d004224 in tls_io tls.c:953
    #27 0x10cfc3874 in process_stream0 conn.c:514
    #28 0x10cf9e0ed in rx conn.c:929
    #29 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23cbfb in asn1_primitive_new (libcrypto.1.1.dylib:x86_64+0x25bfb)
    #2 0x10d23c863 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25863)
    #3 0x10d23c798 in ASN1_item_new (libcrypto.1.1.dylib:x86_64+0x25798)
    #4 0x10d23ab9e in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23b9e)
    #5 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #6 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #7 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #8 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #9 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #10 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #11 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #12 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #13 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #14 0x10d07a954 in verify_cert openssl.c:1086
    #15 0x10d078704 in handle_certificate picotls.c:2079
    #16 0x10d06e2ca in handle_input picotls.c:3444
    #17 0x10d06baaf in ptls_handshake picotls.c:3718
    #18 0x10d004224 in tls_io tls.c:953
    #19 0x10cfc3874 in process_stream0 conn.c:514
    #20 0x10cf9e0ed in rx conn.c:929
    #21 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #22 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #23 0x10cf2e9e6 in q_connect quic.c:231
    #24 0x10ceb90fb in get client.c:156
    #25 0x10ceb7231 in main client.c:271
    #26 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d2f9210 in CRYPTO_zalloc (libcrypto.1.1.dylib:x86_64+0xe2210)
    #2 0x10d23c8e2 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x258e2)
    #3 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #4 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #5 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #6 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #7 0x10d23cac8 in asn1_template_new (libcrypto.1.1.dylib:x86_64+0x25ac8)
    #8 0x10d23c932 in asn1_item_embed_new (libcrypto.1.1.dylib:x86_64+0x25932)
    #9 0x10d23a015 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23015)
    #10 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #11 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #12 0x10d07a954 in verify_cert openssl.c:1086
    #13 0x10d078704 in handle_certificate picotls.c:2079
    #14 0x10d06e2ca in handle_input picotls.c:3444
    #15 0x10d06baaf in ptls_handshake picotls.c:3718
    #16 0x10d004224 in tls_io tls.c:953
    #17 0x10cfc3874 in process_stream0 conn.c:514
    #18 0x10cf9e0ed in rx conn.c:929
    #19 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #20 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #21 0x10cf2e9e6 in q_connect quic.c:231
    #22 0x10ceb90fb in get client.c:156
    #23 0x10ceb7231 in main client.c:271
    #24 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

Indirect leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x10d49cc33 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56c33)
    #1 0x10d23378a in ASN1_STRING_set (libcrypto.1.1.dylib:x86_64+0x1c78a)
    #2 0x10d22cf84 in c2i_ASN1_INTEGER (libcrypto.1.1.dylib:x86_64+0x15f84)
    #3 0x10d23ac0b in asn1_d2i_ex_primitive (libcrypto.1.1.dylib:x86_64+0x23c0b)
    #4 0x10d23a2c4 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x232c4)
    #5 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #6 0x10d23a6c1 in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x236c1)
    #7 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #8 0x10d23b27b in asn1_template_noexp_d2i (libcrypto.1.1.dylib:x86_64+0x2427b)
    #9 0x10d23a60d in asn1_template_ex_d2i (libcrypto.1.1.dylib:x86_64+0x2360d)
    #10 0x10d23a149 in asn1_item_embed_d2i (libcrypto.1.1.dylib:x86_64+0x23149)
    #11 0x10d239c08 in ASN1_item_ex_d2i (libcrypto.1.1.dylib:x86_64+0x22c08)
    #12 0x10d239bce in ASN1_item_d2i (libcrypto.1.1.dylib:x86_64+0x22bce)
    #13 0x10d07a954 in verify_cert openssl.c:1086
    #14 0x10d078704 in handle_certificate picotls.c:2079
    #15 0x10d06e2ca in handle_input picotls.c:3444
    #16 0x10d06baaf in ptls_handshake picotls.c:3718
    #17 0x10d004224 in tls_io tls.c:953
    #18 0x10cfc3874 in process_stream0 conn.c:514
    #19 0x10cf9e0ed in rx conn.c:929
    #20 0x10d43b542 in ev_invoke_pending (libev.4.dylib:x86_64+0x2542)
    #21 0x10d43b9c5 in ev_run (libev.4.dylib:x86_64+0x29c5)
    #22 0x10cf2e9e6 in q_connect quic.c:231
    #23 0x10ceb90fb in get client.c:156
    #24 0x10ceb7231 in main client.c:271
    #25 0x7fff759cb014 in start (libdyld.dylib:x86_64+0x1014)

SUMMARY: AddressSanitizer: 6047 byte(s) leaked in 86 allocation(s).

Series of warning when compiling minicrypto in Visual Studio

When compiling the minicrypto lib in VS 2017, I get these warnings:

...
3>curve25519.c
3>deps\cifra\src\curve25519.tweetnacl.c(99): warning C4244: '=': conversion from 'int64_t' to 'uint8_t', possible loss of data
3>deps\cifra\src\curve25519.tweetnacl.c(201): warning C4244: 'function': conversion from 'int64_t' to 'int', possible loss of data
3>deps\cifra\src\curve25519.tweetnacl.c(202): warning C4244: 'function': conversion from 'int64_t' to 'int', possible loss of data
3>deps\cifra\src\curve25519.tweetnacl.c(221): warning C4244: 'function': conversion from 'int64_t' to 'int', possible loss of data
3>deps\cifra\src\curve25519.tweetnacl.c(222): warning C4244: 'function': conversion from 'int64_t' to 'int', possible loss of data

...
3>ccm.c
3>deps\cifra\src\ccm.c(71): warning C4267: '=': conversion from 'size_t' to 'uint8_t', possible loss of data
3>deps\cifra\src\ccm.c(82): warning C4267: '=': conversion from 'size_t' to 'uint8_t', possible loss of data

3>cbcmac.c
3>deps\cifra\src\cbcmac.c(74): warning C4267: 'initializing': conversion from 'size_t' to 'uint8_t', possible loss of data
...

They can easily be suppressed by proper type casting, but I wonder whether that is a good idea.

Crash in server_handle_hello()

I see a crash at the end of server_handle_hello(), because tls->ctx->sign_certificate->cb is zero when called from the "build and send CertificateVerify" block.

I'm sure I'm doing something wrong when setting things up. Here is how I currently initialize the contexts:

static ptls_minicrypto_secp256r1sha256_sign_certificate_t sign_cert;
static ptls_iovec_t tls_certs;
static ptls_verify_certificate_t verifier;

unsigned char tls_key[] = {
  0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xe6, 0xbd, 0x0f, 0xe0, 0xf2,
  // ...
};
unsigned int tls_key_len = 121;
unsigned char tls_cert[] = {
  0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x39, 0xa0, 0x03, 0x02, 0x01,
  // ...
};
unsigned int tls_cert_len = 407;

// initialize TLS context
tls_ctx.random_bytes = ptls_minicrypto_random_bytes;
tls_ctx.key_exchanges = ptls_minicrypto_key_exchanges;
tls_ctx.cipher_suites = ptls_minicrypto_cipher_suites;

ptls_minicrypto_init_secp256r1sha256_sign_certificate(
    &sign_cert, ptls_iovec_init(tls_key, tls_key_len));
tls_ctx.sign_certificate = &sign_cert.super;

tls_certs = ptls_iovec_init(tls_cert, tls_cert_len);
tls_ctx.certificates.list = &tls_certs;
tls_ctx.certificates.count = 1;

// TODO: there doesn't yet seem to be a minicrypto version of this call:
// ptls_openssl_init_verify_certificate(&verifier, 0);
tls_ctx.verify_certificate = &verifier;

Apart from the missing ptls_openssl_init_verify_certificate call (see #47), do you spot anything obviously bogus?

picotls client and boringSLL 0RTT

picotls client does not read the entire contents from BoringSLL server if 0RTT is used:

% cat Early1 
GET / HTTP/1.1
Host: tls.ctf.network

% cat Early1 - | ./cli -s ticket -e tls.ctf.network 443
...
a>. Each case arm can have one or more fields.</p>
<p id="rfc.section.3.8^C
%

Adding an extension in the handshake (for QUIC)

The QUIC spec requires sending the QUIC transport parameters as part of the handshake, as an extension. Is there an example somewhere on how to do that?

negotiating draft 28|27|26 does not work

PR #134 implemented support for three draft versions, listing three values 0x7f1c, 0x7f1b and 0x7f1a in the "supported version" extensions. This works on the server side, because the server advertises support for the draft version selected by the client, but it does not appear to work on the client side. At least, it does not work when testing against WinQuic.

The TLS spec actually has a warning against negotiating draft versions in section 4.1.3. Server Hello:

   RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH Implementations of
   draft versions (see Section 4.2.1.1) of this specification SHOULD NOT
   implement this mechanism on either client and server.  A pre-RFC
   client connecting to RFC servers, or vice versa, will appear to
   downgrade to TLS 1.2.  With the mechanism enabled, this will cause an
   interoperability failure.

I wonder whether we should discuss that on the TLS list.

Some keys work, some fail

As just mentioned to you at the QUIC interop, I generate random keys, some of which work and some of which make picotls die in ptls_minicrypto_init_secp256r1sha256_sign_certificate.

Here is one that fails:

unsigned char tls_key[] = {
    0x00, 0xce, 0x3c, 0xb6, 0xdc, 0x8c, 0xdf, 0x2e, 0x3b, 0xde, 0xd2, 0x72, 0x6a, 0x67, 0xbe,
    0x8b, 0xd0, 0x91, 0x8b, 0x37, 0xe1, 0xc6, 0x3a, 0x72, 0x0e, 0x87, 0x88, 0xc3, 0x89, 0x1c,
    0x16, 0xbc, 0x33,
};
unsigned char tls_cert[] = {
    0x04, 0xdf, 0x7b, 0x5c, 0x5d, 0xb8, 0x78, 0x8a, 0xbf, 0xd4, 0x61, 0x92, 0x41, 0x33, 0x52,
    0xb2, 0x51, 0x31, 0x4d, 0xf4, 0x03, 0x79, 0xf6, 0x78, 0xec, 0x7f, 0x54, 0xe7, 0x90, 0xd1,
    0x8f, 0x38, 0x73, 0xdd, 0xcc, 0x7c, 0xb2, 0xd3, 0x34, 0x4b, 0x62, 0xf0, 0x43, 0xae, 0x00,
    0x89, 0xcb, 0x04, 0x43, 0x1b, 0x68, 0xa4, 0x1d, 0xf2, 0xf5, 0xb6, 0x31, 0x06, 0x7e, 0x39,
    0x9b, 0xed, 0x8c, 0x04, 0x6e,
};

And here is one that works:

unsigned char tls_key[] = {
    0x0f, 0x24, 0xfc, 0x3d, 0xc4, 0x85, 0x9a, 0xf7, 0x52, 0x1f, 0x18, 0xd3, 0xa4, 0x34, 0x22,
    0xfd, 0x76, 0x49, 0xcb, 0x92, 0xaf, 0x38, 0x2b, 0xfb, 0x2f, 0x90, 0xf1, 0xa4, 0x96, 0x16,
    0x8d, 0xe2,
};
unsigned char tls_cert[] = {
    0x04, 0x4e, 0xa3, 0x7c, 0x4f, 0x93, 0x74, 0x34, 0x7a, 0xc7, 0x45, 0x67, 0xab, 0x77, 0x49,
    0x16, 0x0f, 0x2d, 0x5f, 0x97, 0x95, 0x3e, 0x35, 0x03, 0xd7, 0xb9, 0x24, 0xe5, 0x7e, 0x3c,
    0xd9, 0x70, 0x99, 0x11, 0x61, 0xc3, 0x9a, 0x24, 0xda, 0x5e, 0x76, 0x41, 0x50, 0xa2, 0x28,
    0xa3, 0x35, 0x1f, 0xd3, 0x63, 0x1b, 0xe2, 0x5d, 0x24, 0xf6, 0x18, 0x92, 0x4c, 0x17, 0x6e,
    0xa1, 0x16, 0x04, 0xb2, 0x23,
};

core dump running server

Using apps/server.pem from openssl:master branch:

./cli -c server.pem -k server.pem 127.0.0.1 4433

#0 do_lookup_x (new_hash=new_hash@entry=4245278497, old_hash=old_hash@entry=0x7ffcd3297ba0,
result=result@entry=0x7ffcd3297bb0, scope=, i=i@entry=0, flags=flags@entry=1,
skip=skip@entry=0x0, undef_map=undef_map@entry=0x7f5b6cebb1c8) at dl-lookup.c:98
#1 0x00007f5b6cca1961 in _dl_lookup_symbol_x (undef_name=0x401cd2 "fclose", undef_map=0x7f5b6cebb1c8,
ref=ref@entry=0x7ffcd3297c68, symbol_scope=0x7f5b6cebb520, version=0x7f5b6ce91600,
type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0) at dl-lookup.c:737
#2 0x00007f5b6cca6527 in _dl_fixup (l=, reloc_arg=) at ../elf/dl-runtime.c:111
#3 0x00007f5b6ccad4d5 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:45
#4 0x0000000000403a6f in main (argc=7, argv=0x7ffcd3298118) at /home/tshort/picotls/git/picotls/t/cli.c:463

Including only the appropriate data type in the argument files doesn't matter.
This is crashing on case 'c', reversing the arguments ('k' first) still crashes at case 'c'.
Running on: Linux my-linux 3.13.0-110-generic #157-Ubuntu SMP
OpenSSL 1.0.1f 6 Jan 2014

updating CHANGELOG

The update stops at 1.3.8.

provide API to track resumed sessions

Traditionally, SSL_get_session and SSL_session_get_id were used to track connections that were being resumed using the secrets derived from a particular full handshake.

We need to provide similar API at server side for debugging network issues related to resumption (e.g. buggy intermediaries that tries to do clever things).

Assert when combining session resume and HRR in QUIC

During the QUIC trial, I observed something strange. Several server allow testing the "stateless retry" function of QUIC. For TLS, that means:

       Client Hello -->
              <-- HRR (with Cookie)
       Client Hello with selected handshake and cookie -->
              <-- Server Hello, etc.

The strangeness happens when the client owns a Resume Ticket. We get:

       Client Hello  + Resume Ticket -->
              <-- HRR (with Cookie)
       Try to process HRR in client (ptls_handshake)
       Assert in "derive_exporter_secret(tls, is_early=1)", complains that *slot is NULL.

I ended up mitigating this with the following hack: set the "ticket" in handshake properties to "NULL" before calling ptls_handshake with the received HRR message.

Draft format on supported_versions

Hi,

i working on TLS 1.3 implementations and try the tool for check if it is good...

And found a issue about draft format
I get :
Extension: supported_versions (len=3)
Type: supported_versions (43)
Length: 3
Supported Versions length: 2
Supported Versions: Unknown (0x7f16)

The problem is about 0x07
With Firefox nighty build, the draft number is "encoded using hexa"
Extension: supported_versions (len=9)
Type: supported_versions (43)
Length: 9
Supported Versions length: 8
Supported Versions: TLS 1.3 (draft 16) (0x7f10)
...
(Google Chrome Canary, use 0x0f0e for draft 14 ?)

I have check the draft spec (4.2.1.1. Draft Version Indicator) and it is no indicate the format

ptls_handshake() returns data after ServerHello

On the client side, once I feed the ServerHello data into ptls_handshake(), it returns zero (indicating that the handshake is done) but also returns 58 bytes of data in sendbuf. What is that data? According to the example code on the wiki, that shouldn't happen?

ptls_load_certificates cert_pem_file should be const char *

ptls_load_certificates could take a const char * cert_pem_file argument

Malformed HRR

I downloaded the latest picotls code yesterday, and in testing it against my own implementation I discovered that picotls does not send a correctly formatted HRR. The HRR that picotls sends indicates a server_version of draft 21 (7f15), but it is formatted based on the syntax from draft 18.

In drafts 16, 17, and 18, HRR was defined as:

      struct {
          ProtocolVersion server_version;
          Extension extensions<2..2^16-1>;
      } HelloRetryRequest;

However, in drafts 19, 20, and 21, HRR is defined as:

      struct {
          ProtocolVersion server_version;
          CipherSuite cipher_suite;
          Extension extensions<2..2^16-1>;
      } HelloRetryRequest;

Illegal parameter alert on second ClientHello

Hi,

I'm testing rustls against picotls. In this case, picotls is the server, rustls is the client. picotls sends a fatal illegal_parameter alert when processing the second ClientHello. This originates from client_hello_decode_server_name: https://github.com/h2o/picotls/blob/master/lib/picotls.c#L1349

Here's a log from the client end:

$ ./target/debug/examples/tlsclient --cache sess.cache --http --verbose --cafile ~/rustls/test-ca/rsa/end.fullchain -p 8443 localhost
INFO:rustls::verify: add_pem_file processed 3 valid and 0 invalid certs
INFO:rustls::client_hs: No cached session for "localhost"
INFO:rustls::client_hs: Not resuming any session
DEBUG:rustls::client_hs: Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_2,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random {
                        gmt_unix_time: 713557833,
                        opaque: [
                            68,
                            195,
                            210,
                            0,
                            201,
                            146,
                            127,
                            115,
                            234,
                            229,
                            24,
                            177,
                            90,
                            20,
                            172,
                            219,
                            227,
                            185,
                            22,
                            174,
                            172,
                            139,
                            187,
                            158,
                            230,
                            242,
                            251,
                            91
                        ]
                    },
                    session_id: SessionID,
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
                    ],
                    compression_methods: [
                        Null
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                Unknown(
                                    32530
                                ),
                                TLSv1_2
                            ]
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        "localhost"
                                    )
                                }
                            ]
                        ),
                        ECPointFormats(
                            [
                                Uncompressed
                            ]
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1
                            ]
                        ),
                        SignatureAlgorithms(
                            [
                                ED25519,
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                                RSA_PKCS1_SHA1
                            ]
                        ),
                        KeyShare(
                            []
                        ),
                        PresharedKeyModes(
                            [
                                DHE_KE,
                                KE
                            ]
                        )
                    ]
                }
            )
        }
    )
}
DEBUG:rustls::client_hs: Got HRR Some(HelloRetryRequest { server_version: Unknown(32530), extensions: [KeyShare(secp256r1)] })
INFO:rustls::client_hs: No cached session for "localhost"
INFO:rustls::client_hs: Not resuming any session
DEBUG:rustls::client_hs: Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_2,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random {
                        gmt_unix_time: 713557833,
                        opaque: [
                            68,
                            195,
                            210,
                            0,
                            201,
                            146,
                            127,
                            115,
                            234,
                            229,
                            24,
                            177,
                            90,
                            20,
                            172,
                            219,
                            227,
                            185,
                            22,
                            174,
                            172,
                            139,
                            187,
                            158,
                            230,
                            242,
                            251,
                            91
                        ]
                    },
                    session_id: SessionID,
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
                    ],
                    compression_methods: [
                        Null
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                Unknown(
                                    32530
                                ),
                                TLSv1_2
                            ]
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        "localhost"
                                    )
                                }
                            ]
                        ),
                        ECPointFormats(
                            [
                                Uncompressed
                            ]
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1
                            ]
                        ),
                        SignatureAlgorithms(
                            [
                                ED25519,
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                                RSA_PKCS1_SHA1
                            ]
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: secp256r1,
                                    payload: PayloadU16(
                                        [
                                            4,
                                            255,
                                            99,
                                            234,
                                            203,
                                            62,
                                            1,
                                            73,
                                            54,
                                            120,
                                            198,
                                            150,
                                            89,
                                            21,
                                            125,
                                            93,
                                            139,
                                            195,
                                            90,
                                            43,
                                            201,
                                            105,
                                            70,
                                            166,
                                            176,
                                            170,
                                            109,
                                            239,
                                            44,
                                            63,
                                            51,
                                            240,
                                            2,
                                            168,
                                            188,
                                            72,
                                            61,
                                            154,
                                            205,
                                            80,
                                            180,
                                            156,
                                            127,
                                            124,
                                            245,
                                            81,
                                            192,
                                            6,
                                            38,
                                            86,
                                            233,
                                            203,
                                            174,
                                            212,
                                            230,
                                            84,
                                            180,
                                            32,
                                            192,
                                            255,
                                            191,
                                            8,
                                            86
                                        ]
                                    )
                                }
                            ]
                        ),
                        PresharedKeyModes(
                            [
                                DHE_KE,
                                KE
                            ]
                        )
                    ]
                }
            )
        }
    )
}
ERROR:rustls::session: TLS alert received: Message {
    typ: Alert,
    version: TLSv1_0,
    payload: Alert(
        AlertMessagePayload {
            level: Fatal,
            description: IllegalParameter
        }
    )
}
TLS error: AlertReceived(IllegalParameter)
Connection closed

Thanks!

ptls_handshake() and retransmissions

I'm not sure if ptls_handshake() handles retransmissions correctly. For example, if a ClientHello is passed in twice (maybe because if got duplicated or quickly retransmitted) it seems to return PTLS_ALERT_HANDSHAKE_FAILURE. Is this supposed to be supported?

(I hit this when running under valgrind, which slows things down enough so that QUIC retransmission timers fire.)

picotls incorrectly sends missing_extension

If the client sends an empty key_share extension, picotls sends a missing_extension alert. It should send a Hello Retry Request instead. Wireshark packet file is attached.

empty_key_share.zip

Documentation for HRR

I am trying to find how to implement HRR in QUIC, and I am not sure how to do such things as:

Tell PicoTLS to not accept the Client Hello and generate a Cookie instead.
Tell the client to consume the cookie: is it sufficient to just send the TLS message through the normal handshake API?
Tell the server to verify the Cookie. Again, is it sufficient to pipe the messages through the handshake API?

If PicoTLS does not in fact support HRR, I suppose that the server application could generate the HRR and the cookie, and that the client could parse it and extract the Cookie extension. Then, client and server could use the handshake extension mechanism to send and verify the cookie. But that's quite a bit of work, and I would rather not have to do that...

Using 25519 with openssl version of picotls

Is there a way to build picotls using the openssl version, but also enable support for 25519 and chacha20? This does not work by default, and is causing some issues in Quic trials.

upper bound for trial decryption of early data

On the server-side, there should be an upper bound for the amount of data that is trial decrypted when the client sends early-data but the server rejects the use of 0-RTT.

Assertion failure on large Certificate

When a large certificate is passed, a too large record is sent. Discovered while testing for an issue related to large records: cloudflare/tls-tris#46

Reproducer:

openssl req -newkey rsa:2048 -x509 -nodes -keyout server.pem -new -out server.pem -subj $(for i in {1..2000};do printf /CN=localhost; done)
cli -c server.pem -k server.pem localhost 4433 &
cli localhost 4433

Output:

cli: lib/picotls.c:477: buffer_encrypt_record: Assertion `bodylen <= PTLS_MAX_PLAINTEXT_RECORD_SIZE' failed.

Backtrace

#4  buffer_encrypt_record () at lib/picotls.c:477
#5  server_handle_hello () at lib/picotls.c:2516
#6  handle_handshake_message () at lib/picotls.c:2880
#7  handle_handshake_record () at lib/picotls.c:2971
#8  handle_input () at lib/picotls.c:3041
#9  ptls_handshake () at lib/picotls.c:3100
#10 run_handshake () at t/cli.c:70
#11 handle_connection () at t/cli.c:161
#12 run_server () at t/cli.c:248
#13 main () at t/cli.c:368
(gdb) p buf->off - rec_start - 5
$3 = 80749

certificate verification does not check the hostname

It's so easy to fail.

OpenSSL 1.1.0 support

Current implementation accesses the member of certain structures directly - we need to use wrappers to support OpenSSL 1.1.0.

Memory leaks

ASAN reports some memleaks in x9_62_create_key_exchange:

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7ff375d13e40 in __interceptor_malloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x40778d in x9_62_create_key_exchange lib/openssl.c:180
    #2 0x40778d in secp256r1_create_key_exchange lib/openssl.c:222
    #3 0x418480 in send_client_hello lib/picotls.c:881
    #4 0x418480 in ptls_handshake lib/picotls.c:2330
    #5 0x405236 in run_handshake t/cli.c:67
    #6 0x405236 in handle_connection t/cli.c:149
    #7 0x4044bf in run_client t/cli.c:336
    #8 0x4044bf in main t/cli.c:507
    #9 0x7ff3751e6290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
    #10 0x404799 in _start (/tmp/pico/cli+0x404799)
...
SUMMARY: AddressSanitizer: 3089 byte(s) leaked in 52 allocation(s).

Reproducer:

cmake -GNinja ~/projects/picotls -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS=-fsanitize=address
ninja
ASAN_OPTIONS=fast_unwind_on_malloc=0 ./cli example.com 443

OpenSSL 1.0.2.j

PR 111 (add aes256gcm / sha384 support) broke the TLS handshake

Recent builds of PICOTLS have stopped interoperating with other TLS23 stacks.

When receiving a Server Hello, ptls_handshake() returns an error 0x14, PTLS_ALERT_BAD_RECORD_MAC. This happens when decoding a record of type PTLS_CONTENT_TYPE_APPDATA, length 100 bytes, at line 3156 in picotls.c. The error happens in the call to "aead_decrypt", with algorithm "AES128-GCM" (ptls_openssl_aes128gcm).

Blocking QUIC Interop...

Draft 23?

Is there a way to get draft 23 compliance with picotls?

Memleak related to ctx.certificates

ctx.certificates (in ptls_context_t) is malloc'ed memory and its contents (dst->base via i2d_X509 in t/util.h) is not freed. This results in several memleak report from ASAN:

$ ./cli -4 localhost 4433 -c server.pem -h
Usage: ./cli [options] host port
...
==14645==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 328 byte(s) in 1 object(s) allocated from:
    #0 0x7fa446e62ae9 in __interceptor_malloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7fa4467f4639 in CRYPTO_zalloc (/usr/lib/libcrypto.so.1.1+0x15a639)
    #2 0x7fa446728d07  (/usr/lib/libcrypto.so.1.1+0x8ed07)
    #3 0x7fa446726772  (/usr/lib/libcrypto.so.1.1+0x8c772)
    #4 0x7fa4467272ba in ASN1_item_ex_d2i (/usr/lib/libcrypto.so.1.1+0x8d2ba)
    #5 0x7fa44672733b in ASN1_item_d2i (/usr/lib/libcrypto.so.1.1+0x8d33b)
    #6 0x7fa446807a20 in PEM_ASN1_read_bio (/usr/lib/libcrypto.so.1.1+0x16da20)
    #7 0x7fa446805c48 in PEM_ASN1_read (/usr/lib/libcrypto.so.1.1+0x16bc48)
    #8 0x5602d2974564 in load_certificate_chain /home/peter/projects/picotls/t/util.h:51
    #9 0x5602d2974564 in main /home/peter/projects/picotls/t/cli.c:322
    #10 0x7fa4453dff69 in __libc_start_main (/usr/lib/libc.so.6+0x20f69)
    #11 0x5602d2975489 in _start (/tmp/pico/cli+0x52489)
...

wireshark with key logging for ID 19

wireshark: Wireshark 2.3.0-3008-g71905a3
picotls: the latest of the kazuho/draft19 branch
TLS 1.3 ID 19 server: www.mew.org:13443

I got packet dump between cli and www.mew.org:

% sudo tcpdump -i en0 -s 0 -x -w dump.pcap port 13443

% ./cli -l ~/key.log www.mew.org 13443

This TLS 1.3 ID 19 communication has no problem.

Then I tried to visualize dump.pcap with Wireshark.
Plain parts, CH and SH, are displayed well. (Thank you!)
But after letting key.log to Wireshark, nothing happens.
That is, encrypted record are not decrypted.

Here is key.log:

% cat key.log 
SERVER_HANDSHAKE_TRAFFIC_SECRET bd4e5e9078115ce037cf5280b5e1b343ae778a045b79cdce78b48451f192e140 a4ed5073e772aab348036d0070ea7836ec9c2766b776e5e3299cfd5f883151ac
CLIENT_HANDSHAKE_TRAFFIC_SECRET bd4e5e9078115ce037cf5280b5e1b343ae778a045b79cdce78b48451f192e140 28a138be355b1d431971be591d53658030fb79d51f65271bce6f97b6a0d2c541
SERVER_TRAFFIC_SECRET_0 bd4e5e9078115ce037cf5280b5e1b343ae778a045b79cdce78b48451f192e140 5d9c27a2129f3cbd5f1e9192f2d689bf602ca23a556959a7ddc11e1e6a686dbc
CLIENT_TRAFFIC_SECRET_0 bd4e5e9078115ce037cf5280b5e1b343ae778a045b79cdce78b48451f192e140 eb633ab1cf4abb4a5e9023f4e41cd31b56e48dc5715bd48925e4e2d5aa50b163

Travis build fails with error for some compilers

See https://travis-ci.org/NTAP/quant/jobs/373867853#L1067

Wrong transcript for binders in second ClientHello

There appears to be a problem with the binders computed by picotls clients after HRR, which fail to verify both against OpenSSL and miTLS.

To reproduce, I used picotls/cli -n -s session localhost 443 twice against openssl s_server -www -accept 443 -msg (which produces error:141FA0FD:SSL routines:tls_psk_do_binder:binder does not verify:ssl/statem/extensions.c:1592:) and cmitls -s -hrr 0.0.0.0 443 (which fails with AD_bad_record_mac (binder verification failed)

Support for version 28?

As far as I know, there are no protocol differences between draft 26 and draft 27 or 28. The only change is the "supported version number". Would it be possible to just update that number to 28, now that we support 26? Or, maybe, list support for 26, 27 and 28?

How to run the cli server with minicrypto for key exchange?

For my thesis about TLS 1.3 I need to communicate with the cli server, using minicrypto for the handshake. Is there a simple option to set cli to use minicrypto instead of openssl for key exchange?

I tried to implement it myself, but I find the wiki not very helpful

Warnings while compiling with LibreSSL 2.6.2

This is an up of a thread posted on H2O, but which is related to picotls I presume.

AEAD example (for QUIC)?

After a successful TLS handshake, how does one use the established TLS context to do the AEAD operations that QUIC requires? Is there any example code anywhere? (The AEAD test cases don't really help here, at least not me.)

Error code on HRR cause by keyshare is confusing

If a picotls server receives a client hello that does not contain an acceptable key share, it will correctly send back an HRR. However, in these conditions the "ptls_handshake" API returns PTLS_ERROR_IN_PROGRESS. This confusing, since in other HRR conditions the same API will return PTLS_ERROR_STATELESS_RETRY.
This is particularly confusing when doing QUIC, because "regular" Server Hello are sent in Handshake messages, but HRR should be sent in Stateless Retry messages.

minicrypto equivalent of ptls_openssl_init_verify_certificate?

Is there a minicrypto equivalent of the ptls_openssl_init_verify_certificate() function? The wiki only discusses the openssl case for initializing a client context.

cert_pem_file argument to ptls_load_certificates() could be const

i.e.

int ptls_load_certificates(ptls_context_t *ctx, const char *cert_pem_file)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.