## Version 4.7.0

_2020-05-17_

 *  New: `HandshakeCertificates.Builder.addInsecureHost()` makes it easy to turn off security in
    private development environments that only carry test data. Prefer this over creating an
    all-trusting `TrustManager` because only hosts on the allowlist are insecure. From
    [our DevServer sample][dev_server]:

    ```kotlin
    val clientCertificates = HandshakeCertificates.Builder()

        ******@****.***()
      }
    }.apply {
      timeout(client.callTimeoutMillis.toLong(), MILLISECONDS)
    }

  private val executed = AtomicBoolean()

  // These properties are only accessed by the thread executing the call.

  /** Initialized in [callStart]. */
  private var callStackTrace: Any? = null

  /** Finds an exchange to send the next request and receive the next response. */

  }

  /**
   * Returns true if this connection's route has the same address as any of [candidates]. This
   * requires us to have a DNS address for both hosts, which only happens after route planning. We
   * can't coalesce connections that use a proxy, since proxies don't tell us the origin server's IP
   * address.
   */
  private fun routeMatchesAny(candidates: List<Route>): Boolean {

      },
      logger = logger,
    )

  /** Runs all tasks that are ready. Used by the test thread only. */
  fun runTasks() {
    advanceUntil(nanoTime)
  }

  /** Advance the simulated clock, then runs tasks that are ready. Used by the test thread only. */
  fun advanceUntil(newTime: Long) {
    taskRunner.assertThreadDoesntHoldLock()

    taskRunner.lock.withLock {

      }
      frameHeader(
        streamId = 0,
        length = 0,
        type = TYPE_SETTINGS,
        flags = FLAG_ACK,
      )
      sink.flush()
    }
  }

  /**
   * HTTP/2 only. Send a push promise header block.
   *
   * A push promise contains all the headers that pertain to a server-initiated request, and a
   * `promisedStreamId` to which response frames will be delivered. Push promise frames are sent as

 *  New: Don't include the `Content-Length` header in multipart bodies. Servers must delimit
    OkHttp's request bodies using the boundary only. (This change makes OkHttp more consistent with
    browsers and other HTTP clients.)
 *  New: Drop the `tunnelProxy` argument in `MockWebServer.useHttps()`. This change only impacts
    the OkHttp 5.x API which uses the `mockwebserver3` package.

   * We always do timeouts in the HTTP server role. For clients, we only do timeouts after the
   * request is transmitted. This is only interesting for duplex calls where the request and
   * response may be interleaved.
   *
   * Read this value only once for each enter/exit pair because its value can change.
   */

    //  2. EVICTABLE: Connections not required by any address policy. This matches connections that
    //     don't participate in any policy, plus connections whose policies won't be violated if the
    //     connection is closed. We only close these if the idle connection limit is exceeded.
    //
    // Also count the evictable connections to find out if we must close an EVICTABLE connection
    // before its keepAliveDurationNs is reached.

      isTlsFallback = false,
    )
  }

  /**
   * Returns a request that creates a TLS tunnel via an HTTP proxy. Everything in the tunnel request
   * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.
   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the

  // Internal state of this connection is guarded by 'lock'. No blocking operations may be
  // performed while holding this lock!
  //
  // Socket writes are guarded by frameWriter.
  //
  // Socket reads are unguarded but are only made by the reader thread.
  //
  // Certain operations (like SYN_STREAM) need to synchronize on both the frameWriter (to do
  // blocking I/O) and this (to create streams). Such operations must synchronize on 'this' last.