testImplementation(projects.okhttpTestingSupport)
  testImplementation(rootProject.libs.conscrypt.openjdk)
  testImplementation(rootProject.libs.junit.jupiter.engine)
  testImplementation(rootProject.libs.junit.vintage.engine)

  androidTestImplementation(projects.okhttpTestingSupport) {
    exclude("org.openjsse", "openjsse")
    exclude("org.conscrypt", "conscrypt-openjdk-uber")
    exclude("software.amazon.cryptools", "AmazonCorrettoCryptoProvider")

        assertEquals(200, response.code)
        // see https://github.com/google/conscrypt/blob/b9463b2f74df42d85c73715a5f19e005dfb7b802/android/src/main/java/org/conscrypt/Platform.java#L613
        when {
          Build.VERSION.SDK_INT >= 24 -> {
            // Conscrypt 2.5+ defaults to SSLEngine-based SSLSocket
            assertEquals("org.conscrypt.Java8EngineSocket", socketClass)
          }
          Build.VERSION.SDK_INT < 22 -> {

#noinspection UnusedVersionCatalogEntry
codehaus-signature-java18 = "org.codehaus.mojo.signature:java18:1.0"
conscrypt-android = { module = "org.conscrypt:conscrypt-android", version.ref = "org-conscrypt" }
conscrypt-openjdk = { module = "org.conscrypt:conscrypt-openjdk-uber", version.ref = "org-conscrypt" }
converter-moshi = { module = "com.squareup.retrofit2:converter-moshi", version.ref = "retrofit" }

        compileOnly(libs.conscrypt.openjdk)
        implementation(libs.androidx.annotation)
        implementation(libs.androidx.startup.runtime)
      }
    }

    jvmMain {
      dependsOn(commonJvmAndroid)

      dependencies {
        // These compileOnly dependencies must also be listed in applyOsgiMultiplatform() below.
        compileOnly(libs.conscrypt.openjdk)

import mockwebserver3.MockResponse
import mockwebserver3.MockWebServer
import mockwebserver3.junit5.StartStop
import okhttp3.Protocol.HTTP_1_1
import okhttp3.Protocol.HTTP_2
import okhttp3.Provider.CONSCRYPT
import okhttp3.TlsExtensionMode.STANDARD
import okhttp3.TlsVersion.TLS_1_2
import okhttp3.TlsVersion.TLS_1_3
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate

security.

OkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports
[Conscrypt][conscrypt], which integrates [BoringSSL](https://github.com/google/boringssl) with Java. OkHttp will use Conscrypt if it is
the first security provider:

```java
Security.insertProviderAt(Conscrypt.newProvider(), 1);
```

        is SSLHandshakeException -> {
          // JDK 11+
        }
        is SSLException -> {
          // javax.net.ssl.SSLException: readRecord
        }
        is SocketException -> {
          // Conscrypt, JDK 8 (>= 292), JDK 9
        }
        else -> {
          assertThat(expected.message).isEqualTo("exhausted all routes")
        }
      }
    }
  }

  @Test
  fun commonNameIsNotTrusted() {

    if (platform.isConscrypt()) {
      if (tlsVersion == TlsVersion.TLS_1_3) {
        assertThat(sessionIds[0]).isEmpty()
        assertThat(sessionIds[1]).isEmpty()

        // https://github.com/google/conscrypt/issues/985
        // assertThat(directSessionIds).containsExactlyInAnyOrder(sessionIds[0], sessionIds[1])
      } else {
        assertThat(sessionIds[0]).isNotEmpty()
        assertThat(sessionIds[1]).isNotEmpty()

  private val socketAdapters =
    listOfNotNull(
      StandardAndroidSocketAdapter.buildIfSupported(),
      DeferredSocketAdapter(AndroidSocketAdapter.playProviderFactory),
      // Delay and Defer any initialisation of Conscrypt and BouncyCastle
      DeferredSocketAdapter(ConscryptSocketAdapter.factory),
      DeferredSocketAdapter(BouncyCastleSocketAdapter.factory),
    ).filter { it.isSupported() }

  @Throws(IOException::class)

  "friendsApi"(projects.okhttp)
  api(projects.okhttpTls)
  api(libs.assertk)
  api(libs.bouncycastle.bcprov)
  implementation(libs.bouncycastle.bcpkix)
  implementation(libs.bouncycastle.bctls)
  api(libs.conscrypt.openjdk)
  api(libs.openjsse)

  api(rootProject.libs.junit.jupiter.engine)

  // This runs Corretto on macOS (aarch64) and Linux (x86_64). We don't test Corretto on other
  // operating systems or architectures.