*/
  val handshake: Handshake?
  val requestUrl: HttpUrl?

  /**
   * Returns the name of the server the client requested via the SNI (Server Name Indication)
   * attribute in the TLS handshake. Unlike the rest of the HTTP exchange, this name is sent in
   * cleartext and may be monitored or blocked by a proxy or other middlebox.
   */
  val handshakeServerNames: List<String>

  init {
    if (socket is SSLSocket) {

In OkHttp some fields of the address come from the URL (scheme, hostname, port) and the rest come from the [OkHttpClient](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/).

### [Routes](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-route/)

import assertk.assertions.hasMessage
import assertk.assertions.isEqualTo
import assertk.assertions.isNull
import kotlin.test.Ignore
import kotlin.test.Test
import kotlin.test.assertEquals
import kotlin.test.assertFailsWith
import kotlin.test.fail
import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.UrlComponentEncodingTester.Encoding
import okhttp3.testing.PlatformVersion

fun interface Authenticator {
  /**
   * Returns a request that includes a credential to satisfy an authentication challenge in
   * [response]. Returns null if the challenge cannot be satisfied.
   *
   * The route is best effort, it currently may not always be provided even when logically
   * available. It may also not be provided when an authenticator is re-used manually in an

## Version 4.7.0

_2020-05-17_

 *  New: `HandshakeCertificates.Builder.addInsecureHost()` makes it easy to turn off security in
    private development environments that only carry test data. Prefer this over creating an
    all-trusting `TrustManager` because only hosts on the allowlist are insecure. From
    [our DevServer sample][dev_server]:

    ```kotlin

      chrome33,
      chrome57,
      safari12Osx,
    )

  val orderBy = okhttp.enabled + chrome80.enabled + safari12Osx.enabled + rest(clients)
  val survey = CipherSuiteSurvey(clients = clients, ianaSuites = ianaSuitesNew, orderBy = orderBy)

  survey.printGoogleSheet()
}

fun rest(clients: List<Client>): List<SuiteId> {
  // combine all ciphers to get these near the top
  return clients.flatMap { it.enabled }

 * and initializing on first use.
 *
 * We use this because eager classpath checks cause confusion and excessive logging in Android,
 * and we can't rely on classnames after proguard, so are probably best served by falling through
 * to a situation of trying our least likely noisiest options.
 */
class DeferredSocketAdapter(private val socketAdapterFactory: Factory) : SocketAdapter {
  private var delegate: SocketAdapter? = null

   * scheduled. If the task is already in the queue, the earliest execution time is used.
   *
   * The target execution time is implemented on a best-effort basis. If another task in this queue
   * is running when that time is reached, that task is allowed to complete before this task is
   * started. Similarly the task will be delayed if the host lacks compute resources.
   *

    responseCode != HTTP_NOT_MODIFIED
  ) {
    return true
  }

  // If the Content-Length or Transfer-Encoding headers disagree with the response code, the
  // response is malformed. For best compatibility, we honor the headers.
  if (headersContentLength() != -1L ||
    "chunked".equals(header("Transfer-Encoding"), ignoreCase = true)
  ) {
    return true
  }

  return false
}

 *    match additional prefixes (`us-west.www.publicobject.com`) or suffixes (`publicobject.com`).
 *
 *  * **Any number of subdomains**: Use two asterisks to like `**.publicobject.com` to match any
 *    number of prefixes (`us-west.www.publicobject.com`, `www.publicobject.com`) including no
 *    prefix at all (`publicobject.com`). For most applications this is the best way to configure
 *    certificate pinning.
 *