os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
	} else {
		// Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
		// This will save users from providing a certificate with IP or FQDN SAN that points to the local host.
		os.Setenv("CONSOLE_MINIO_SERVER", fmt.Sprintf("%s://127.0.0.1:%s", getURLScheme(globalIsTLS), globalMinioPort))
	}

          val cert = peerCertificates[0] as X509Certificate
          throw SSLPeerUnverifiedException(
            """
            |Hostname ${address.url.host} not verified:
            |    certificate: ${CertificatePinner.pin(cert)}
            |    DN: ${cert.subjectDN.name}
            |    subjectAltNames: ${OkHostnameVerifier.allSubjectAltNames(cert)}
            """.trimMargin(),
          )
        } else {

pkg crypto/x509, type Certificate struct, ExcludedEmailAddresses []string
pkg crypto/x509, type Certificate struct, ExcludedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, ExcludedURIDomains []string
pkg crypto/x509, type Certificate struct, PermittedEmailAddresses []string
pkg crypto/x509, type Certificate struct, PermittedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, PermittedURIDomains []string

    e is InterruptedIOException -> false

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false

pkg time, method (Time) ZoneBounds() (Time, Time) #50062
pkg crypto/x509, func ParseCRL //deprecated #50674
pkg crypto/x509, func ParseDERCRL //deprecated #50674
pkg crypto/x509, method (*Certificate) CheckCRLSignature //deprecated #50674
pkg crypto/x509, method (*Certificate) CreateCRL //deprecated #50674
pkg crypto/x509/pkix, type CertificateList //deprecated #50674
pkg crypto/x509/pkix, type TBSCertificateList //deprecated #50674

	}

	if _, ok := claims[subClaim]; ok {
		providerPrefix, _, found := strings.Cut(credentials.ParentUser, getKeySeparator())
		if found {
			return providerPrefix // this is true for certificate and custom providers
		}
		return madmin.OpenIDProvider // openid users are already hashed, so no separator
	}

	return madmin.BuiltinProvider // default to internal
}

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac;

import jcifs.CIFSException;

/**
 * Exception thrown when PAC (Privilege Attribute Certificate) data cannot be decoded.
 * Indicates malformed or invalid PAC structures in Kerberos tickets.
 */
public class PACDecodingException extends CIFSException {

    private static final long serialVersionUID = 1L;

Prior to 1.17 and for existing nodes created by `kubeadm init` where kubelet client certificate rotation is desired, you must modify `/etc/kubernetes/kubelet.conf` to point to the PEM symlink for rotation:

    val client =
      OkHttpClient
        .Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()

    // An example test URL that returns client certificate details.
    val request =
      Request
        .Builder()
        .url("https://prod.idrix.eu/secure/")
        .build()

    client.newCall(request).execute().use { response ->

    FESS_MAX_MEM=$FESS_HEAP_SIZE
fi

# External opensearch cluster
#SEARCH_ENGINE_HTTP_URL=http://localhost:9200
#FESS_DICTIONARY_PATH=/var/lib/opensearch/config/

# SSL truststore for certificate validation over https
#FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Djavax.net.ssl.trustStore=/tech/elastic/config/truststore.jks"
#FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"