""".trimIndent(),
      )
    assertThat(verifier.verify("foo.com", session)).isFalse()
    assertThat(verifier.verify("a.foo.com", session)).isFalse()
    assertThat(verifier.verify("bar.com", session)).isFalse()
    assertThat(verifier.verify("a.bar.com", session)).isFalse()
    assertThat(verifier.verify("\u82b1\u5b50.co.jp", session)).isFalse()
    assertThat(verifier.verify("a.\u82b1\u5b50.co.jp", session)).isFalse()
  }

verify: ## verify minio various setups
	@echo "Verifying build with race"
	@GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null
	@(env bash $(PWD)/buildscripts/verify-build.sh)

verify-healing: ## verify healing and replacing disks with minio binary
	@echo "Verify healing build with race"

sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth
client_tls_key   (path)      path to client key for mTLS auth

    !!! tip
        Prefer to use the `Annotated` version if possible.

    ```Python hl_lines="105  107-115"
    {!> ../../../docs_src/security/tutorial005.py!}
    ```

## Verify the `username` and data shape

We verify that we get a `username`, and extract the scopes.

## Hash and verify the passwords

Import the tools we need from `passlib`.

Create a PassLib "context". This is what will be used to hash and verify passwords.

!!! tip
    The PassLib context also has functionality to use different hashing algorithms, including deprecated old ones only to allow verifying them, etc.

MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN     (list)      ";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com"
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY          (on|off)    trust server TLS without verification, defaults to "off" (verify)
MINIO_IDENTITY_LDAP_SERVER_INSECURE          (on|off)    allow plain text connection to AD/LDAP server, defaults to "off"

 * addresses nor hostnames; they will be verified as IP addresses (which is a more strict
 * verification).
 */
private val VERIFY_AS_IP_ADDRESS = "([0-9a-fA-F]*:[0-9a-fA-F:.]*)|([\\d.]+)".toRegex()

/** Returns true if this string is not a host name and might be an IP address. */
fun String.canParseAsIpAddress(): Boolean = VERIFY_AS_IP_ADDRESS.matches(this)

/**

                tmpTestFiles.keys
            )
            cleanUp(tmpTestFiles.keys)
            projectPathToLeftoverFiles[projectPath] = tmpTestFiles
        }

        // Third run: verify and throw exceptions
        val exceptions = mutableListOf<Exception>()
        parameters.projectStates.get()
            .filter { projectPathToLeftoverFiles.containsKey(it.key) }

        .socket(peer.openSocket())
        .pushObserver(Http2ConnectionTest.IGNORE)
        .listener(realConnection)
        .build()
    connection.start(sendConnectionPreface = false)

    // verify the peer received the ACK
    val ackFrame = peer.takeFrame()
    assertThat(ackFrame.type).isEqualTo(Http2.TYPE_SETTINGS)
    assertThat(ackFrame.streamId).isEqualTo(0)
    assertThat(ackFrame.ack).isTrue()

      // block for session establishment
      val sslSocketSession = sslSocket.session
      val unverifiedHandshake = sslSocketSession.handshake()

      // Verify that the socket's certificates are acceptable for the target host.
      if (!address.hostnameVerifier!!.verify(address.url.host, sslSocketSession)) {
        val peerCertificates = unverifiedHandshake.peerCertificates
        if (peerCertificates.isNotEmpty()) {