if (!decodeIpv4Suffix(input, groupOffset, limit, address, b - 2)) return null
        b += 2 // We rewound two bytes and then added four.
        break
      } else {
        return null // Wrong delimiter.
      }
    }

    // Read a group, one to four hex digits.
    var value = 0
    groupOffset = i
    while (i < limit) {
      val hexDigit = input[i].parseHexDigit()

    This applies to `Authorization`, `Cookie`, `Proxy-Authorization`, and `Set-Cookie` headers.
 *  Fix: Don't crash with an `InaccessibleObjectException` when running on JDK17+ with strong
    encapsulation enabled.
 *  Fix: Strictly verify hostnames used with OkHttp's `HostnameVerifier`. Programs that make direct
    manual calls to `HostnameVerifier` could be defeated if the hostnames they pass in are not

  }

  @Test
  fun connectViaHttpProxyToHttpsUsingHttpsProxySystemProperty() {
    testConnectViaHttpProxyToHttps(ProxyConfig.HTTPS_PROXY_SYSTEM_PROPERTY)
  }

  /**
   * We were verifying the wrong hostname when connecting to an HTTPS site through a proxy.
   * http://b/3097277
   */
  private fun testConnectViaHttpProxyToHttps(proxyConfig: ProxyConfig) {
    val hostnameVerifier = RecordingHostnameVerifier()

      private var canRemove = false

      override fun hasNext(): Boolean {
        if (nextUrl != null) return true

        canRemove = false // Prevent delegate.remove() on the wrong item!
        while (delegate.hasNext()) {
          try {
            delegate.next().use { snapshot ->
              val metadata = snapshot.getSource(ENTRY_METADATA).buffer()

          CertificatePinner.Builder()
            .add(server.hostName, "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
            .build(),
        )
        .build()

    // When we pin the wrong certificate, connectivity fails.
    val request = Request.Builder().url(server.url("/")).build()
    assertFailsWith<SSLPeerUnverifiedException> {
      client.newCall(request).execute()
    }.also { expected ->

  fun reconnectingToNonWebSocket() {
    for (i in 0..29) {
      webServer.enqueue(
        MockResponse.Builder()
          .bodyDelay(100, TimeUnit.MILLISECONDS)
          .body("Wrong endpoint")
          .code(401)
          .build(),
      )
    }
    val request =
      Request.Builder()
        .url(webServer.url("/"))
        .build()

Requirements
------------

OkHttp works on Android 5.0+ (API level 21+) and Java 8+.

OkHttp depends on [Okio][okio] for high-performance I/O and the [Kotlin standard library][kotlin]. Both are small libraries with strong backward-compatibility.

We highly recommend you keep OkHttp up-to-date. As with auto-updating web browsers, staying current
with HTTPS clients is an important defense against potential security problems. [We

    of unacknowledged data per stream and no per-connection limit.

 *  Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We
    had a severe bug where web sockets were closed on the wrong thread, which caused
    `NullPointerException` crashes in `Deflater`.

 *  Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released

   * connection is fine the ping will receive a pong; otherwise it won't.
   *
   * The deadline to respond to this ping attempts to limit the cost of being wrong. If it is too
   * long, streams created while we await the pong will reuse broken connections and inevitably
   * fail. If it is too short, slow connections will be marked as failed and extra TCP and TLS

            byteString = okHttpCertificate.signatureValue.byteString.offByOneBit(),
          ),
      )
    assertThat(okHttpCertificateWithBadSignature.checkSignature(root.keyPair.public)).isFalse()

    // Wrong public key.
    assertThat(okHttpCertificate.checkSignature(certificate.keyPair.public)).isFalse()
  }

  @Test
  fun `EC issuer and signature`() {
    val root =
      HeldCertificate.Builder()