* certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)

      if (urlIterator.next().startsWith("https://www.google.com/")) {
        urlIterator.remove()
      }
    }
```

### Troubleshooting

1. Valid cacheable responses are not being cached

Make sure you are reading responses fully as unless they are read fully, cancelled or stalled Responses will not be cached.

### Overriding normal cache behaviour

import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem

class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view
  // https://publicobject.com (Comodo) and https://squareup.com (Entrust). But they aren't
  // sufficient to connect to most HTTPS sites including https://godaddy.com and https://visa.com.

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3

/**
 * Marks declarations that are experimental and subject to change without following SemVer
 * conventions. Both binary and source-incompatible changes are possible, including complete removal
 * of the experimental API.
 *
 * Do not use these APIs in modules that may be executed using a version of OkHttp different from

import okhttp3.tls.HandshakeCertificates;

public final class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view
  // https://publicobject.com (Comodo) and https://squareup.com (Entrust). But they aren't
  // sufficient to connect to most HTTPS sites including https://godaddy.com and https://visa.com.

   * 3.7.0 this is also true. But OkHttp 3.3.1 through 3.6.0 treated these as different.
   */
  @Test
  fun forJavaName_fromLegacyEnumName() {
    // These would have been considered equal in OkHttp 3.3.1, but now aren't.
    assertThat(forJavaName("SSL_RSA_EXPORT_WITH_RC4_40_MD5"))
      .isEqualTo(forJavaName("TLS_RSA_EXPORT_WITH_RC4_40_MD5"))
    assertThat(forJavaName("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"))

 * The performance of these calls on the underlying network. If the network’s performance isn’t sufficient, you need to either improve the network or use less of it.

### EventListener

        val stories = HpackJsonUtil.readStories(interopTestName)
        result.addAll(stories)
      }
      return result
    }

    /**
     * Checks if `expected` and `observed` are equal when viewed as a set and headers are
     * deduped.
     *
     * TODO: See if duped headers should be preserved on decode and verify.
     */
    private fun assertSetEquals(
      message: String,
      expected: List<Header>,

  // Ask the server for its URL. You'll need this to make HTTP requests.
  HttpUrl baseUrl = server.url("/v1/chat/");

  // Exercise your application code, which should make those HTTP requests.
  // Responses are returned in the same order that they are enqueued.
  Chat chat = new Chat(baseUrl);

  chat.loadMore();
  assertEquals("hello, world!", chat.messages());

  chat.loadMore();
  chat.loadMore();
  assertEquals(""

    else -> skip(newline + 1)
  }
}

/**
 * Reads lines from `IdnaMappingTable.txt`.
 *
 * Comment lines are either blank or start with a `#` character. Lines may also end with a comment.
 * All comments are ignored.
 *
 * Regular lines contain fields separated by semicolons.
 *
 * The first element on each line is a single hex code point (like 0041) or a hex code point range