@SuppressLint("NewApi")
  @IgnoreJRERequirement // This function is overridden to require API >= 24.
  open fun getHandshakeServerNames(sslSocket: SSLSocket): List<String> {
    val session = sslSocket.session as? ExtendedSSLSession ?: return listOf()
    return session.requestedServerNames.mapNotNull { (it as? SNIHostName)?.asciiName }
  }

  @Throws(IOException::class)
  open fun connectSocket(
    socket: Socket,

      i++
    }
    val groupLength = i - groupOffset
    if (groupLength == 0 || groupLength > 4) return null // Group is the wrong size.

    // We've successfully read a group. Assign its value to our byte array.
    address[b++] = (value.ushr(8) and 0xff).toByte()
    address[b++] = (value and 0xff).toByte()
  }

  // All done. If compression happened, we need to move bytes to the right place in the

 *  Fix: Read the response even if writing the request fails. This means you'll get a proper HTTP
    response even if the server rejects your request body.
 *  Fix: Use literal IP addresses directly rather than passing them to `DnsOverHttps`.
 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,

        .build()
    val session = session(heldCertificate.certificatePem())
    assertThat(verifier.verify("foo.com", session)).isFalse()
    assertThat(verifier.verify("bar.com", session)).isFalse()
    assertThat(verifier.verify("k.com", session)).isTrue()
    assertThat(verifier.verify("K.com", session)).isTrue()
    assertThat(verifier.verify("\u2121.com", session)).isFalse()

    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      try {
        // Enable session tickets.
        setUseSessionTickets.invoke(sslSocket, true)

        // Assume platform support on 24+
        if (hostname != null && Build.VERSION.SDK_INT <= 23) {

    val size: Int = formBody.size()
  }

  @Test @Disabled
  fun handshake() {
    val handshake: Handshake =
      Handshake.get((localhost().sslSocketFactory().createSocket() as SSLSocket).session)
    val tlsVersion: TlsVersion = handshake.tlsVersion()
    val cipherSuite: CipherSuite = handshake.cipherSuite()
    val peerCertificates: List<Certificate> = handshake.peerCertificates()

  integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==

object-assign@^4:
  version "4.1.1"
  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
  integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==

    flow control window. We had a few bugs where window size accounting was broken when streams
    were canceled or reset.
 *  Fix: Recover gracefully if the TLS session returns an unexpected version (`NONE`) or cipher
    suite (`SSL_NULL_WITH_NULL_NULL`).
 *  Fix: Don't change Conscrypt configuration globally. We migrated from a process-wide setting to
    configuring only OkHttp's TLS sockets.

        .sslSocketFactory(CustomSSLSocketFactory(client.sslSocketFactory), client.x509TrustManager!!)
        .hostnameVerifier { hostname, session ->
          val s = "hostname: $hostname peerHost:${session.peerHost}"
          Log.d("SniOverrideTest", s)
          try {
            val cert = session.peerCertificates[0] as X509Certificate
            for (name in cert.subjectAlternativeNames) {
              if (name[0] as Int == 2) {

          ) as SSLSocket
        sslSocket.use {
          sslSocket.useClientMode = false
          sslSocket.wantClientAuth = true
          sslSocket.startHandshake()
          return@submit sslSocket.session.handshake()
        }
      }
    }
  }

  private fun doClientHandshake(
    client: HandshakeCertificates,
    serverAddress: InetSocketAddress,
  ): Future<Handshake> {