override fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    socket: Socket,
  ) {
    if (socket.peerName() !in insecureHosts) {
      delegate.checkServerTrusted(chain, authType, socket)
    }
  }

  override fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    engine: SSLEngine,
  ) {

import okhttp3.internal.connection.Exchange
import okhttp3.internal.connection.RealCall

/**
 * A concrete interceptor chain that carries the entire interceptor chain: all application
 * interceptors, the OkHttp core, all network interceptors, and finally the network caller.
 *
 * If the chain is for an application interceptor then [exchange] must be null. Otherwise it is for
 * a network interceptor and [exchange] must be non-null.
 */

import java.io.IOException
import okhttp3.Interceptor.Chain
import okio.Buffer
import okio.BufferedSink
import okio.ForwardingSink
import okio.Sink
import okio.buffer

/** Rewrites the request body sent to the server to be all uppercase.  */
class UppercaseRequestInterceptor : Interceptor {
  @Throws(IOException::class)
  override fun intercept(chain: Chain): Response {
    return chain.proceed(uppercaseRequest(chain.request()))
  }

import okhttp3.internal.stripBody
import okio.buffer

/** This is the last interceptor in the chain. It makes a network call to the server. */
class CallServerInterceptor(private val forWebSocket: Boolean) : Interceptor {
  @Throws(IOException::class)
  override fun intercept(chain: Interceptor.Chain): Response {
    val realChain = chain as RealInterceptorChain
    val exchange = realChain.exchange!!
    val request = realChain.request

/**
 * A connection user that is a specific [RealCall].
 */
internal class CallConnectionUser(
  private val call: RealCall,
  private val poolConnectionListener: ConnectionListener,
  private val chain: RealInterceptorChain,
) : ConnectionUser {
  private val eventListener: EventListener
    get() = call.eventListener

  override fun addPlanToCancel(connectPlan: ConnectPlan) {
    call.plansToCancel += connectPlan

RESOURCE NAME      TYPE           STATUS     VALID CERT     SERIAL NUMBER                        NOT AFTER                NOT BEFORE
secret/default     Cert Chain     ACTIVE     false          6fbee254c22900615cb1f74e3d2f1713     2023-05-16T01:32:52Z     2023-05-15T01:30:52Z

## Jalankan kode

Semua blok-blok kode dapat disalin dan digunakan langsung (Mereka semua sebenarnya adalah file python yang sudah teruji).

Untuk menjalankan setiap contoh, salin kode ke file `main.py`, dan jalankan `uvicorn` dengan:

<div class="termy">

```console
$ uvicorn main:app --reload

    val cleaner = get(root)
    assertFailsWith<SSLPeerUnverifiedException> {
      cleaner.clean(certificates, "hostname")
    }
  }

  /** Returns a chain starting at the leaf certificate and progressing to the root.  */
  private fun chainOfLength(length: Int): List<HeldCertificate> {
    val result = mutableListOf<HeldCertificate>()
    for (i in 1..length) {
      result.add(

  /**
   * Returns a cleaned chain for [chain].
   *
   * This method throws if the complete chain to a trusted CA certificate cannot be constructed.
   * This is unexpected unless the trust root index in this class has a different trust manager than
   * what was used to establish [chain].
   */
  @Throws(SSLPeerUnverifiedException::class)
  override fun clean(
    chain: List<Certificate>,
    hostname: String,

import okhttp3.internal.platform.Platform

/**
 * Computes the effective certificate chain from the raw array returned by Java's built in TLS APIs.
 * Cleaning a chain returns a list of certificates where the first element is `chain[0]`, each
 * certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to