*  Fix: Read the response even if writing the request fails. This means you'll get a proper HTTP
    response even if the server rejects your request body.
 *  Fix: Use literal IP addresses directly rather than passing them to `DnsOverHttps`.
 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,

          ) as SSLSocket
        sslSocket.use {
          sslSocket.useClientMode = false
          sslSocket.wantClientAuth = true
          sslSocket.startHandshake()
          return@submit sslSocket.session.handshake()
        }
      }
    }
  }

  private fun doClientHandshake(
    client: HandshakeCertificates,
    serverAddress: InetSocketAddress,
  ): Future<Handshake> {

  private const val ALT_DNS_NAME = 2
  private const val ALT_IPA_NAME = 7

  override fun verify(
    host: String,
    session: SSLSession,
  ): Boolean {
    return if (!host.isAscii()) {
      false
    } else {
      try {
        verify(host, session.peerCertificates[0] as X509Certificate)
      } catch (_: SSLException) {
        false
      }
    }
  }

  fun verify(

      }

      // Force handshake. This can throw!
      sslSocket.startHandshake()
      // block for session establishment
      val sslSocketSession = sslSocket.session
      val unverifiedHandshake = sslSocketSession.handshake()

      // Verify that the socket's certificates are acceptable for the target host.

     *
     * Next is the response status line, followed by the number of HTTP response header lines,
     * followed by those lines.
     *
     * HTTPS responses also contain SSL session information. This begins with a blank line, and then
     * a line containing the cipher suite. Next is the length of the peer certificate chain. These

    }.also { expected ->
      assertThat(expected.message).isEqualTo("Too many follow-up requests: 21")
    }
  }

  /**
   * We had a bug where we were passing a null route to the authenticator.
   * https://github.com/square/okhttp/issues/3809
   */
  @Test
  fun authenticateWithNoConnection() {
    server.enqueue(
      MockResponse(
        code = 401,

  /**
   * Returns the time that this cookie expires, in the same format as [System.currentTimeMillis].
   * This is December 31, 9999 if the cookie is not [persistent], in which case it will expire at the
   * end of the current session.
   *
   * This may return a value less than the current time, in which case the cookie is already
   * expired. Webservers may return expired cookies as a mechanism to delete previously set cookies

    val formBody: FormBody = builder.build()
  }

  @Test
  fun handshake() {
    var handshake: Handshake =
      (localhost().sslSocketFactory().createSocket() as SSLSocket).session.handshake()
    val listOfCertificates: List<Certificate> = listOf()
    handshake =
      Handshake.get(
        TlsVersion.TLS_1_3,
        CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

        @Suppress("DEPRECATION")
        protocolsCopy.remove(Protocol.SPDY_3)

        if (protocolsCopy != this.protocols) {
          this.routeDatabase = null
        }

        // Assign as an unmodifiable list. This is effectively immutable.
        this.protocols = Collections.unmodifiableList(protocolsCopy)
      }

    /**

   * was acquired, or null if no connection was acquired. The acquired connection will also be
   * given to [connectionUser] who may (for example) assign it to a [RealCall.connection].
   *
   * This confirms the returned connection is healthy before returning it. If this encounters any
   * unhealthy connections in its search, this will clean them up.
   *