assertThat(CertificateAdapters.extension.toDer(extension))
      .isEqualTo(bytes)
    assertThat(CertificateAdapters.extension.fromDer(bytes))
      .isEqualTo(extension)
  }

  /** Tags larger than 30 are a special case. */
  @Test fun `large tag`() {
    val bytes = "df83fb6800".decodeHex()

    val adapter = Adapters.NULL.withTag(tagClass = DerHeader.TAG_CLASS_PRIVATE, tag = 65_000L)

    compressing outbound web socket messages. Configure this with 0L to always compress outbound
    messages and `Long.MAX_VALUE` to never compress outbound messages. The default is 1024L which
    compresses messages of size 1 KiB and larger. (Inbound messages are compressed or not based on
    the web socket server's configuration.)
 *  New: Defer constructing `Inflater` and `Deflater` instances until they are needed. This saves

 *
 * This class may be used to stream very large responses. For example, it is possible to use this
 * class to read a response that is larger than the entire memory allocated to the current process.
 * It can even stream a response larger than the total storage on the current device, which is a
 * common requirement for video streaming applications.
 *

    // All other connections created will expire sooner
    routePlanner.defaultConnectionIdleAtNanos = expireSooner

    // Turn it into an http/2 connection that supports 5 concurrent streams
    // which can satisfy a larger policy
    val connection = routePlanner.plans.first().connection
    val http2Connection = connectHttp2(peer, connection, 5)
    setPolicy(pool, address, ConnectionPool.AddressPolicy(5))

    assertThat(hpackReader!!.getAndResetHeaderList()).isEqualTo(headerBlock)
  }

  /**
   * HPACK has a max header table size, which can be smaller than the max header message. Ensure the
   * larger header content is not lost.
   */
  @Test
  fun tooLargeToHPackIsStillEmitted() {
    bytesIn.writeByte(0x21) // Dynamic table size update (size = 1).
    bytesIn.writeByte(0x00) // Literal indexed

   * servers it should be the agreed-upon extensions immediately.
   */
  private var extensions: WebSocketExtensions?,
  /** If compression is negotiated, outbound messages of this size and larger will be compressed. */
  private var minimumDeflateSize: Long,
  private val webSocketCloseTimeout: Long,
) : WebSocket, WebSocketReader.FrameCallback {
  private val key: String

          distribution: 'zulu'
          java-version: 17

      - name: Enable KVM group perms
        # https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/
        run: |
          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
          sudo udevadm control --reload-rules

      }
    }
  }

  /**
   * Not checking the CA bit created a vulnerability in old OkHttp releases. It is exploited by
   * triggering different chains to be discovered by the TLS engine and our chain cleaner. In this
   * attack there's several different chains.
   *
   *
   * The victim's gets a non-CA certificate signed by a CA, and pins the CA root and/or
   * intermediate. This is business as usual.
   *