}
        } else if (platformSystemProperty == CONSCRYPT_PROPERTY) {
          if (Security.getProviders()[0].name != "Conscrypt") {
            if (!Conscrypt.isAvailable()) {
              System.err.println("Warning: Conscrypt not available")
            }

            val provider =
              Conscrypt
                .newProviderBuilder()
                .provideTrustManager(true)
                .build()

        assertEquals(200, response.code)
        // see https://github.com/google/conscrypt/blob/b9463b2f74df42d85c73715a5f19e005dfb7b802/android/src/main/java/org/conscrypt/Platform.java#L613
        when {
          Build.VERSION.SDK_INT >= 24 -> {
            // Conscrypt 2.5+ defaults to SSLEngine-based SSLSocket
            assertEquals("org.conscrypt.Java8EngineSocket", socketClass)
          }

          // JDK 11+
        }

        is SSLException -> {
          // javax.net.ssl.SSLException: readRecord
        }

        is SocketException -> {
          // Conscrypt, JDK 8 (>= 292), JDK 9
        }

        else -> {
          assertThat(expected.message).isEqualTo("exhausted all routes")
        }
      }
    }
  }

  @Test

 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,
    `org.bouncycastle`, and `org.openjsse`.
 *  Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency
    locking. That's a potential security vulnerability, tracked as [CVE-2022-24329].

        compileOnly(libs.conscrypt.openjdk)
        implementation(libs.androidx.annotation)
        implementation(libs.androidx.startup.runtime)
      }
    }

    jvmMain {
      dependsOn(commonJvmAndroid)

      dependencies {
        // These compileOnly dependencies must also be listed in applyOsgiMultiplatform() below.
        compileOnly(libs.conscrypt.openjdk)

 * Conscrypt.
 *
 * [iana_tls_parameters]: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
 * [sslengine]: https://developer.android.com/reference/javax/net/ssl/SSLEngine.html
 * [oracle_providers]: https://docs.oracle.com/javase/10/security/oracle-providers.htm
 * [conscrypt_providers]: https://github.com/google/conscrypt/blob/master/common/src/main/java/org/conscrypt/NativeCrypto.java

          - provider: openjsse
            java-version: 8
          - provider: bouncycastle
            java-version: 21
          - provider: corretto
            java-version: 21
          - provider: conscrypt
            java-version: 21

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Configure JDK
        uses: actions/setup-java@v5
        with:

internal fun Socket.closeQuietly() {
  try {
    close()
  } catch (e: AssertionError) {
    throw e
  } catch (rethrown: RuntimeException) {
    if (rethrown.message == "bio == null") {
      // Conscrypt in Android 10 and 11 may throw closing an SSLSocket. This is safe to ignore.
      // https://issuetracker.google.com/issues/177450597
      return
    }
    throw rethrown
  } catch (_: Exception) {
  }
}

 *  Fix: Don't silently ignore calls to `EventSource.cancel()` made from
    `EventSourceListener.onOpen()`.
 *  Fix: Enforce the max intermediates constraint when using pinned certificates with Conscrypt.
    This impacts Conscrypt when the server's presented certificates form both a trusted-but-unpinned
    chain and an untrusted-but-pinned chain.
 *  Upgrade: [Kotlin 1.6.10][kotlin_1_6_10].


## Version 5.0.0-alpha.3

codehaus-signature-java18 = { module = "org.codehaus.mojo.signature:java18", version.ref = "codehaus-signature-java18" }
conscrypt-android = { module = "org.conscrypt:conscrypt-android", version.ref = "org-conscrypt" }
conscrypt-openjdk = { module = "org.conscrypt:conscrypt-openjdk-uber", version.ref = "org-conscrypt" }
square-retrofit-converter-moshi = { module = "com.squareup.retrofit2:converter-moshi", version.ref = "square-retrofit" }