// rogue CA is trusted) but it should fail certificate pinning.
    val request =
      Request
        .Builder()
        .url(server.url("/"))
        .build()
    val call = client.newCall(request)
    assertFailsWith<SSLPeerUnverifiedException> {
      call.execute()
    }.also { expected ->
      // Certificate pinning fails!

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false

 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate>

  companion object {

      <groupId>com.squareup.okio</groupId>
      <artifactId>okio</artifactId>
      <version>1.0.1</version>
    </dependency>
    ```

 *  **New APIs to permit easy certificate pinning.** Be warned, certificate
    pinning is dangerous and could prevent your application from trusting your
    server!

 *  **Cache improvements.** This release fixes some severe cache problems

     * If the host platform is compromised or misconfigured this may contain untrustworthy root
     * certificates. Applications that connect to a known set of servers may be able to mitigate
     * this problem with [certificate pinning][CertificatePinner].
     */
    fun addPlatformTrustedCertificates() =
      apply {
        val platformTrustManager = Platform.get().platformTrustManager()

    )
    server.enqueue(MockResponse())
    assertFailsWith<SSLPeerUnverifiedException> {
      val response = execute(url)
      response.close()
    }
  }

  /** Can still coalesce when pinning is used if pins match.  */
  @Test
  fun coalescesWhenCertificatePinsMatch() {
    val pinner =
      CertificatePinner
        .Builder()
        .add("san.com", pin(certificate.certificate))
        .build()

Just run `gradlew -p benchmarks run` from the project root
directory. It will build all microbenchmarks, execute them and print
the result.

## Running Microbenchmarks

Running via an IDE is not supported as the results are meaningless
because we have no control over the JVM running the benchmarks.

If you want to run a specific benchmark class like, say,
`MemoryStatsBenchmark`, you can use `--args`:

```

   * Sec-Token-Binding}</a> header field name.
   *
   * @since 25.1
   */
  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";

  /**
   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
   * Sec-Provided-Token-Binding-ID}</a> header field name.
   *
   * @since 25.1
   */

OkHttp 3.x Change Log
=====================

## Version 3.14.9

_2020-05-17_

 *  Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable
    platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android.
    The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!


## Version 3.14.8

_2020-04-28_

    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    enableTls()
    server.enqueue(MockResponse())
    server.enqueue(MockResponse())

    // Make a first request without certificate pinning. Use it to collect certificates to pin.
    val request1 = Request.Builder().url(server.url("/")).build()
    val response1 = client.newCall(request1).execute()
    val certificatePinnerBuilder = CertificatePinner.Builder()