import assertk.assertions.isEqualTo
import java.security.cert.Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import kotlin.test.assertFailsWith
import okhttp3.internal.tls.CertificateChainCleaner.Companion.get
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.Test

class CertificateChainCleanerTest {
  @Test
  fun equalsFromCertificate() {
    val rootA =
      HeldCertificate

pkg crypto/tls, type QUICConfig struct #44886
pkg crypto/tls, type QUICConfig struct, TLSConfig *Config #44886
pkg crypto/tls, type QUICConn struct #44886
pkg crypto/tls, type QUICEncryptionLevel int #44886
pkg crypto/tls, type QUICEventKind int #44886
pkg crypto/tls, type QUICEvent struct #44886
pkg crypto/tls, type QUICEvent struct, Data []uint8 #44886
pkg crypto/tls, type QUICEvent struct, Kind QUICEventKind #44886

 *  limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.platform.Platform

/**
 * Computes the effective certificate chain from the raw array returned by Java's built in TLS APIs.

import okhttp3.internal.connectionAccessor
import okhttp3.internal.exchangeAccessor
import okhttp3.internal.platform.OpenJSSEPlatform
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Disabled
import org.junit.jupiter.api.Test

   */
  HTTP_3("h3"),
  ;

  /**
   * Returns the string used to identify this protocol for ALPN, like "http/1.1", "spdy/3.1" or
   * "h2".
   *
   * See also [IANA tls-extensiontype-values][iana].
   *
   * [iana]: https://www.iana.org/assignments/tls-extensiontype-values
   */
  override fun toString(): String = protocol

  companion object {
    /**
     * Returns the protocol identified by `protocol`.
     *

      events += "plan $id TLS connecting..."

      taskFaker.sleep(tlsConnectDelayNanos)

      return when {
        tlsConnectThrowable != null -> {
          events += "plan $id TLS connect failed"
          ConnectResult(this, nextPlan = connectTlsNextPlan, throwable = tlsConnectThrowable)
        }
        canceled -> {
          events += "plan $id TLS connect canceled"

      "plan 0 cancel",
      "plan 1 TLS connecting...",
      "plan 1 TLS connected",
      "plan 2 TCP connecting...",
    )

    taskFaker.advanceUntil(270.ms)
    assertEvents(
      "plan 0 TCP connect canceled",
    )

    taskFaker.advanceUntil(280.ms)
    assertEvents(
      "plan 2 TCP connected",
      "plan 2 TLS connecting...",
      "plan 2 TLS connected",
    )

# How to secure access to MinIO server with TLS [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

This guide explains how to configure MinIO Server with TLS certificates on Linux and Windows platforms.

1. [Install MinIO Server](#install-minio-server)
2. [Use an Existing Key and Certificate with MinIO](#use-an-existing-key-and-certificate-with-minio)

По умолчанию TLS (HTTPS) использует порт `443`. Потому этот же порт будем использовать и мы.

И раз уж только один процесс может слушать этот порт, то это будет процесс **прокси-сервера завершения работы TLS**.

Прокси-сервер завершения работы TLS будет иметь доступ к одному или нескольким **TLS-сертификатам** (сертификаты HTTPS).

a connection to an HTTPS server, OkHttp needs to know which [TLS versions](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would be limited to only the latest TLS version and strongest cipher suites.

Specific security...