return false
	}
	if f := dt.Field[0]; f.Name != "unused" || f.Type.Common().Name != "int" {
		return false
	}
	return true
}

// baseBadPointerTypedef reports whether the base of a chain of typedefs is a bad typedef
// as badPointerTypedef reports.
func (c *typeConv) baseBadPointerTypedef(dt *dwarf.TypedefType) bool {
	for {
		if t, ok := dt.Type.(*dwarf.TypedefType); ok {
			dt = t
			continue

		GetValidationContext().
		GetTrustedCa().
		GetInlineBytes()

	// seems as though the most straightforward way to tell whether this is a root ca or not
	// is to check whether the inline bytes of the cert chain or the trusted ca field is zero length
	if len(certChainSecret) > 0 {
		builder.Data(string(certChainSecret))
	} else if len(caDataSecret) > 0 {
		builder.Data(string(caDataSecret))
	}

	Certificates []*CertsDump                `json:"certificates"`
}

type CertsDump struct {
	Identity  string  `json:"identity"`
	State     string  `json:"state"`
	CertChain []*Cert `json:"cert_chain"`
}

type Cert struct {
	Pem            string `json:"pem"`
	SerialNumber   string `json:"serial_number"`
	ValidFrom      string `json:"valid_from"`
	ExpirationTime string `json:"expiration_time"`

			// We need a pod IP - if the pod was added via the CNI plugin, that plugin told us the IPs
			// for the pod. If this is a pod added via informer, the pod should have already gone thru
			// the CNI plugin chain, and have a PodIP.
			//
			// If PodIPs exists, it is preferred, otherwise fallback to PodIP.
			//
			// If we get to this point and have a pod that really and truly has no IP in either of those,

			Optional:    true,
			Type:        "duration",
		},
		config.HelpKV{
			Key:         target.NATSCertAuthority,
			Description: "path to certificate chain of the target NATS server",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         target.NATSClientCert,
			Description: "client cert for NATS mTLS auth",

		// fmt.Printf("Upcoming: %s %s\n", req.Method, req.URL.String())
		// for i, c := range via {
		// 	fmt.Printf("Sofar %d: %s %s\n", i, c.Method, c.URL.String())
		// }
		// Save the last request in a redirect chain.
		lastReq = req
		// We do not follow redirect back to client application.
		if req.URL.Path == "/oauth_callback" {
			return http.ErrUseLastResponse
		}
		return nil
	}

	// the policy lookup would ambiguous.
	if r.TLS == nil {
		writeSTSErrorResponse(ctx, w, ErrSTSInsecureConnection, errors.New("No TLS connection attempt"))
		return
	}

	// A client may send a certificate chain such that we end up
	// with multiple peer certificates. However, we can only accept
	// a single client certificate. Otherwise, the certificate to
	// policy mapping would be ambiguous.

	DB.Create(&address)

	var result AddressByZipCode
	DB.First(&result, "00501")

	AssertEqual(t, result, address)
}

func TestSearchWithEmptyChain(t *testing.T) {
	user := User{Name: "search_with_empty_chain", Age: 1}
	DB.Create(&user)

	var result User
	if DB.Where("").Where("").First(&result).Error != nil {
		t.Errorf("Should not raise any error if searching with empty strings")
	}

	result = User{}

			// print the rest of the cert chain
			for _, ca := range secret.CertChain {
				n := new(big.Int)
				n, _ = n.SetString(ca.SerialNumber, 10)
				fmt.Fprintf(w, "%v\t%v\t%v\t%v\t%x\t%v\t%v\n",
					secret.Identity, "Cert Chain", secret.State, certNotExpired(ca), n, valueOrNA(ca.ExpirationTime), valueOrNA(ca.ValidFrom))
			}
		}
	}
	return w.Flush()

	CertDir string

	// Timeout is how long to wait before giving up on XDS
	Timeout time.Duration

	// InsecureSkipVerify skips client verification the server's certificate chain and host name.
	InsecureSkipVerify bool

	// XDSSAN is the expected Subject Alternative Name of the XDS server
	XDSSAN string

	// Plaintext forces plain text communication (for talking to port 15010)
	Plaintext bool