Please be considerate of your servers and their operators as you roll out this release. Compression
saves bandwidth but it costs CPU and memory! If you run into a problem you may need to adjust or
disable the `permessage-deflate` compression settings on your server.

Note that OkHttp won't use compression when sending messages smaller than 1 KiB.

 *  Fix: Don't crash when the URL hostname contains an underscore on Android.

 * that will not accept the [TLS_FALLBACK_SCSV] cipher, thus bypassing server-side fallback
 * checks on platforms that support it. Unfortunately this wrapping will disable any
 * reflection-based calls to SSLSocket from Platform.
 */
class FallbackTestClientSocketFactory(
  delegate: SSLSocketFactory,
) : DelegatingSSLSocketFactory(delegate) {

import javax.net.ssl.SSLEngine
import javax.net.ssl.X509ExtendedTrustManager
import okhttp3.internal.peerName
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement

/**
 * This extends [X509ExtendedTrustManager] to disable verification for a set of hosts.
 *
 * Note that the superclass [X509ExtendedTrustManager] isn't available on Android until version 7
 * (API level 24).
 */
@IgnoreJRERequirement

 *  Fix: Release the connection if `Authenticator` throws an exception.
 *  Fix: Change the declaration of `OkHttpClient.cache()` to return a `@Nullable Cache`. The return
    value has always been nullable but it wasn't declared properly.
 *  Fix: Reverse suppression of connect exceptions. When both a call and its retry fail, we now
    throw the initial exception which is most likely to be actionable.

import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager

/** This extends [X509TrustManager] for Android to disable verification for a set of hosts. */
internal class InsecureAndroidTrustManager(
  private val delegate: X509TrustManager,
  private val insecureHosts: List<String>,
) : X509TrustManager {

    only one fallback, to SSLv3. Applications can now configure this with the
    `ConnectionSpec` class.

    To disable TLS fallback:

    ```java
    client.setConnectionSpecs(Arrays.asList(
        ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT));
    ```

    To disable cleartext connections, permitting `https` URLs only:

    ```java
    client.setConnectionSpecs(Arrays.asList(

 *  Upgrade: [Okio 3.7.0][okio_3_7_0].


## Version 5.0.0-alpha.11

_2022-12-24_

 *  New: Enable fast fallback by default. It's our implementation of Happy Eyeballs,
    [RFC 8305][rfc_8305]. Disable with `OkHttpClient.Builder.fastFallback(false)`.
 *  Fix: Don't log response bodies for server-sent events.
 *  Fix: Skip early hints (status code 103) responses.
 *  Fix: Don't log sensitive headers in `Request.toString()`.

    /**
     * Sets the HTTP proxy that will be used by connections created by this client. This takes
     * precedence over [proxySelector], which is only honored when this proxy is null (which it is
     * by default). To disable proxy use completely, call `proxy(Proxy.NO_PROXY)`.
     */
    fun proxy(proxy: Proxy?) =
      apply {
        if (proxy != this.proxy) {
          this.routeDatabase = null
        }

    } else {
      readMessageFrame()
    }
  }

  @Throws(IOException::class, ProtocolException::class)
  private fun readHeader() {
    if (closed) throw IOException("closed")

    // Disable the timeout to read the first byte of a new frame.
    val b0: Int
    val timeoutBefore = source.timeout().timeoutNanos()
    source.timeout().clearTimeout()
    try {
      b0 = source.readByte() and 0xff

      return InetSocketAddress(hostName, portField)
    }

  /**
   * True if ALPN is used on incoming HTTPS connections to negotiate a protocol like HTTP/1.1 or
   * HTTP/2. This is true by default; set to false to disable negotiation and restrict connections
   * to HTTP/1.1.
   */
  var protocolNegotiationEnabled: Boolean = true

  /**