*
 * Supported on OpenJDK 8 via the JettyALPN-boot library or Conscrypt.
 *
 * Supported on OpenJDK 9+ via SSLParameters and SSLSocket features.
 *
 * ### Trust Manager Extraction
 *
 * Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
 * manager that was used to create an [SSLSocketFactory].
 *
 * Not supported by choice on JDK9+ due to access checks.
 *
 * ### Android Cleartext Permit Detection
 *

    had a crash `IllegalArgumentException: Not a Conscrypt trust manager` because we depended on
    initialization order of companion objects.


## Version 4.7.1

_2020-05-18_

 *  Fix: Pass the right arguments in the trust manager created for `addInsecureHost()`. Without the
    fix insecure hosts crash with an `IllegalArgumentException` on Android.

    }
  }

  @Throws(Exception::class)
  private fun processHandshakeFailure(raw: Socket) {
    val context = SSLContext.getInstance("TLS")
    context.init(null, arrayOf<TrustManager>(UNTRUSTED_TRUST_MANAGER), SecureRandom())
    val sslSocketFactory = context.socketFactory
    val socket =
      sslSocketFactory.createSocket(
        raw,
        raw.inetAddress.hostAddress,
        raw.port,
        true,

    health check fails.


## Version 2.7.0

_2015-12-13_

 *  **Rewritten connection management.** Previously OkHttp's connection pool
    managed both idle and active connections for HTTP/2, but only idle
    connections for HTTP/1.x. With this update the connection pool manages both
    idle and active connections for everything. OkHttp now detects and warns on
    connections that were allocated but never released, and will enforce HTTP/2

    lookup for the local hostname, but we really just wanted the `Host` header.
 *  Fix: Don't crash with a `InaccessibleObjectException` when detecting the platform trust manager
    on Java 17+.
 *  Fix: Don't crash if a cookie's value is a lone double quote character.
 *  Fix: Don't crash when canceling an event source created by `EventSources.processResponse()`.

    assertThat(cookie.value).isEqualTo("android")
    assertThat(cookie.comment).isNull()
    assertThat(cookie.commentURL).isNull()
    assertThat(cookie.discard).isFalse()
    assertThat(cookie.maxAge).isGreaterThan(100000000000L)
    assertThat(cookie.path).isEqualTo("/path")
    assertThat(cookie.secure).isTrue()
    assertThat(cookie.version).isEqualTo(0)
  }

  @Test
  fun testRfc2109Response() {

 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the
 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *

 * efficient `max-age=0` directive instead:
 *
 * ```java
 * Request request = new Request.Builder()
 *     .cacheControl(new CacheControl.Builder()
 *         .maxAge(0, TimeUnit.SECONDS)
 *         .build())
 *     .url("http://publicobject.com/helloworld.txt")
 *     .build();
 * ```
 *
 * ## Force a Cache Response
 *

"submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall...

  @BeforeEach
  fun setup(server: MockWebServer) {
    this.server = server
    platform.assumeNotBouncyCastle()
  }

  /**
   * The pinner should pull the root certificate from the trust manager.
   */
  @Test
  fun pinRootNotPresentInChain() {
    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    val rootCa =
      HeldCertificate.Builder()
        .serialNumber(1L)