}
          throw IOException("Unexpected code $response")
        }
        println(response.body.string())

        for (peerCertificate in response.handshake?.peerCertificates.orEmpty()) {
          println((peerCertificate as X509Certificate).subjectDN)
        }
      }
  }
}

fun main() {
  CustomTrust().run()

    val recordedRequest = server.takeRequest()
    assertThat(recordedRequest.handshakeServerNames).containsExactly(url.host)
  }

  /**
   * Use different hostnames for the TLS handshake (including SNI) and the HTTP request (in the
   * Host header).
   */
  @Test
  fun domainFronting() {
    val heldCertificate =
      HeldCertificate.Builder()
        .commonName("server name")

	public fun responseHeadersStart (Lokhttp3/Call;)V
	public fun satisfactionFailure (Lokhttp3/Call;Lokhttp3/Response;)V
	public fun secureConnectEnd (Lokhttp3/Call;Lokhttp3/Handshake;)V
	public fun secureConnectStart (Lokhttp3/Call;)V
}

public final class okhttp3/logging/LoggingEventListener$Companion {
}

    val call1 = localClient.newCall(Request(server.url("/")))

    call1.execute().use { response ->
      assertThat(response.body.string()).isEqualTo("Req1")
      assertThat(response.handshake).isNotNull()
      assertThat(response.protocol == Protocol.HTTP_1_1)
    }

    eventListener.closed = true

    val call2 = localClient.newCall(Request(server.url("/")))

```
export MINIO_KMS_KES_KEY_PASSWORD=<your-password>
```

Note that MinIO only supports encrypted private keys - not encrypted certificates.
Certificates are no secrets and sent in plaintext as part of the TLS handshake.

## Explore Further

- [Use `mc` with MinIO Server](https://min.io/docs/minio/linux/reference/minio-mc.html)
- [Use `aws-cli` with MinIO Server](https://min.io/docs/minio/linux/integrations/aws-cli-with-minio.html)

    val response = client.newCall(request).execute()

    response.use {
      assertEquals(200, response.code)
      assertEquals(
        "CN=localhost",
        (response.handshake!!.peerCertificates.single() as X509Certificate).subjectDN.name,
      )
    }
  }

  private fun enableTls() {
    client =
      client.newBuilder()
        .sslSocketFactory(

  }

  /**
   * Invoked immediately after a TLS connection was attempted.
   *
   * This method is invoked after [secureConnectStart].
   */
  open fun secureConnectEnd(
    call: Call,
    handshake: Handshake?,
  ) {
  }

  /**
   * Invoked immediately after a socket connection was attempted.
   *
   * If the `call` uses HTTPS, this will be invoked after [secureConnectEnd], otherwise it will

    // Read error: ssl=0x7fd1d8d0fee8: Failure in SSL library, usually a protocol error
    if (!platform.isConscrypt()) {
      assertThat(event.exception).hasMessage("Unexpected handshake message: client_hello")
    }
  }

  @Test
  @Throws(IOException::class)
  fun multipleConnectsForSingleCall() {
    enableTls()
    server!!.enqueue(MockResponse(socketPolicy = FailHandshake))

 * blast radius possible. If an HTTP/2 stream is active, canceling will cancel that stream but not
 * the other streams sharing its connection. But if the TLS handshake is still in progress then
 * canceling may break the entire connection.
 */
class RealCall(
  val client: OkHttpClient,
  /** The application's original request unadulterated by redirects or auth headers. */

        .url(server.url("/"))
        .post(AsyncRequestBody())
        .build()
    val call = client.newCall(request)
    call.timeout()
      .timeout(500, TimeUnit.MILLISECONDS) // Long enough for the first TLS handshake.
    call.execute().use { response ->
      val requestBody = (call.request().body as AsyncRequestBody?)!!.takeSink()
      val responseBody = response.body.source()
      assertThat(responseBody.readUtf8Line())