_2020-05-17_

 *  New: `HandshakeCertificates.Builder.addInsecureHost()` makes it easy to turn off security in
    private development environments that only carry test data. Prefer this over creating an
    all-trusting `TrustManager` because only hosts on the allowlist are insecure. From
    [our DevServer sample][dev_server]:

    ```kotlin
    val clientCertificates = HandshakeCertificates.Builder()
        .addPlatformTrustedCertificates()

  @Test
  fun handshakeCertificates() {
    val handshakeCertificates = HandshakeCertificates.Builder().build()
    val keyManager: X509KeyManager = handshakeCertificates.keyManager
    val trustManager: X509TrustManager = handshakeCertificates.trustManager
    val sslSocketFactory: SSLSocketFactory = handshakeCertificates.sslSocketFactory()
    val sslContext: SSLContext = handshakeCertificates.sslContext()
  }

  @Test

 * your server's TLS administrator!
 *
 * ### Note about self-signed certificates
 *
 * [CertificatePinner] can not be used to pin self-signed certificate if such certificate is not
 * accepted by [javax.net.ssl.TrustManager].
 *
 * See also [OWASP: Certificate and Public Key Pinning][owasp].
 *
 * [charles]: http://charlesproxy.com
 * [fiddler]: http://fiddlertool.com
 * [langley]: http://goo.gl/AIx3e5

        )
        .addNetworkInterceptor(networkInterceptor)
        .addInterceptor(applicationInterceptor)
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,
        )
        .hostnameVerifier(hostnameVerifier)
        .build()
    host = "${server.hostName}:${server.port}"
    url = server.url("/")
  }

  @Test
  fun levelGetter() {

  }

  private fun enableTlsWithTunnel() {
    client =
      client.newBuilder()
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,
        )
        .hostnameVerifier(RecordingHostnameVerifier())
        .build()
    server.useHttps(handshakeCertificates.sslSocketFactory())
  }

  @Test

        clientTestRule.newClientBuilder()
          .protocols(listOf(Protocol.HTTP_2, Protocol.HTTP_1_1))
          .sslSocketFactory(
            handshakeCertificates.sslSocketFactory(),
            handshakeCertificates.trustManager,
          )
          .hostnameVerifier(RecordingHostnameVerifier())
          .build()
      scheme = "https"
    } else {
      server.protocols = listOf(Protocol.H2_PRIOR_KNOWLEDGE)
      client =

 *  New: Accept user-provided trust managers in `OkHttpClient.Builder`. This
    allows OkHttp to satisfy its TLS requirements directly. Otherwise OkHttp
    will use reflection to extract the `TrustManager` from the
    `SSLSocketFactory`.
 *  New: Support prerelease Java 9. This gets ALPN from the platform rather than
    relying on the alpn-boot bootclasspath override.