fun get(): Platform = platform

    fun resetForTests(platform: Platform = findPlatform()) {
      this.platform = platform
    }

    fun alpnProtocolNames(protocols: List<Protocol>) = protocols.filter { it != Protocol.HTTP_1_0 }.map { it.toString() }

    // This explicit check avoids activating in Android Studio with Android specific classes
    // available when running plugins inside the IDE.
    val isAndroid: Boolean

 *   at okhttp3.Connection.connect(Connection.java)
 *   at okhttp3.Connection.connectAndSetOwner(Connection.java)
 * ```
 *
 * Follow up by pasting the public key hashes from the exception into the
 * certificate pinner's configuration:
 *
 * ```java
 * CertificatePinner certificatePinner = new CertificatePinner.Builder()
 *     .add("publicobject.com", "sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=")

    val handshake = makeRequest(client)

    assertThat(handshake.cipherSuite).isIn(*expectedModernTls13CipherSuites.toTypedArray())

    // TODO: filter down to TLSv1.3 when only activated.
    // Probably something like
    // TLS_AES_128_GCM_SHA256
    // TLS_AES_256_GCM_SHA384
    // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

            unverifiedHandshake.peerCertificates,
            address.url.host,
          )
        }
      this.handshake = handshake

      // Check that the certificate pinner is satisfied by the certificates presented.
      certificatePinner.check(address.url.host) {
        handshake.peerCertificates.map { it as X509Certificate }
      }

        CertificateAdapters.subjectPublicKeyInfo.fromDer(
          subjectKeyPair.public.encoded.toByteString(),
        )
      val subject: List<List<AttributeTypeAndValue>> = subject()

      // Issuer/signer keys & identity. May be the subject if it is self-signed.
      val issuerKeyPair: KeyPair
      val issuer: List<List<AttributeTypeAndValue>>
      if (signedBy != null) {
        issuerKeyPair = signedBy!!.keyPair

    // In the process we made one successful connection attempt.
    assertThat(listener.recordedEventTypes().filter { it == "ConnectStart" }).hasSize(2)
    assertThat(listener.recordedEventTypes().filter { it == "ConnectFailed" }).hasSize(1)
    assertThat(listener.recordedEventTypes().filter { it == "ConnectEnd" }).hasSize(1)
  }

  @Test
  fun reachesIpv6WhenIpv4IsDown() {
    serverIpv4.shutdown()

OkHttp 2.x Change Log
=====================

## Version 2.7.5

_2016-02-25_

 *  Fix: Change the certificate pinner to always build full chains. This
    prevents a potential crash when using certificate pinning with the Google
    Play Services security provider.


## Version 2.7.4

_2016-02-07_

 *  Fix: Don't crash when finding the trust manager if the Play Services (GMS)
    security provider is installed.

import okio.ByteString.Companion.toByteString

/**
 * Logs SSL keys to a log file, allowing Wireshark to decode traffic and be examined with http2
 * filter. The approach is to hook into JSSE log events for the messages between client and server
 * during handshake, and then take the agreed masterSecret from private fields of the session.
 *

pied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but limits your server team’s abilities to update their TLS certificates. **Do not use certificate pinning without the blessing of your...

        is SSLHandshakeException -> {
          // On Android, the handshake fails before the certificate pinner runs.
          assertThat(expected.message!!).contains("Could not validate certificate")
        }
        is SSLPeerUnverifiedException -> {
          // On OpenJDK, the handshake succeeds but the certificate pinner fails.
          assertThat(expected.message!!).startsWith("Certificate pinning failure!")
        }