errSFTPUserHasNoPolicies  = errors.New("no policies present on this account")
	errSFTPLDAPNotEnabled     = errors.New("ldap authentication is not enabled")
)

// if the sftp parameter --trusted-user-ca-key is set, then
// the final form of the key file will be set as this variable.
var globalSFTPTrustedCAPubkey ssh.PublicKey

// https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.22.0:ssh/common.go;l=46

### Est-ce que la concurrence est mieux que le parallélisme ?

Nope ! C'est ça la morale de l'histoire.

 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
 * Pinned certificates for publicobject.com:
 *     sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

        val parameters = sslSocket.sslParameters
        Log.d("CustomSSLSocketFactory", "old applicationProtocols: $parameters.applicationProtocols")
        parameters.applicationProtocols = arrayOf("x-amzn-http-ca")
        sslSocket.sslParameters = parameters
      }

      return sslSocket
    }
  }

  var client = OkHttpClient()

  @Test
  fun getWithCustomSocketFactory() {
    client =
      client

av: авар мацӀ
ay: aymar aru
az: azərbaycan dili
ba: башҡорт теле
be: беларуская мова
bg: български език
bh: भोजपुरी
bi: Bislama
bm: bamanankan
bn: বাংলা
bo: བོད་ཡིག
br: brezhoneg
bs: bosanski jezik
ca: Català
ce: нохчийн мотт
ch: Chamoru
co: corsu
cr: ᓀᐦᐃᔭᐍᐏᐣ
cs: čeština
cu: ѩзыкъ словѣньскъ
cv: чӑваш чӗлхи
cy: Cymraeg
da: dansk
de: Deutsch
dv: Dhivehi
dz: རྫོང་ཁ
ee: Eʋegbe
el: Ελληνικά

                 sts_ep='http://localhost:9000'):
        self.cid = cid
        self.csec = csec
        self.idp_ep = idp_ep
        self.sts_ep = sts_ep

        # Load CA certificates from SSL_CERT_FILE file if set
        ca_certs = os.environ.get('SSL_CERT_FILE')
        if not ca_certs:
            ca_certs = certifi.where()

        self._http = urllib3.PoolManager(

   *
   * This class exploits knowledge of Android implementation details. This class is potentially
   * much faster to initialize than [BasicTrustRootIndex] because it doesn't need to load and
   * index trusted CA certificates.
   */
  internal data class CustomTrustRootIndex(
    private val trustManager: X509TrustManager,
    private val findByIssuerAndSignatureMethod: Method,
  ) : TrustRootIndex {

	// a single client certificate. Otherwise, the certificate to
	// policy mapping would be ambiguous.
	// However, we can filter all CA certificates and only check
	// whether they client has sent exactly one (non-CA) leaf certificate.
	const MaxIntermediateCAs = 10
	var (
		peerCertificates = make([]*x509.Certificate, 0, len(r.TLS.PeerCertificates))
		intermediates    *x509.CertPool

needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of...

needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of...