"extends": [
    "config:base",
    ":dependencyDashboard",
    "schedule:weekly"
  ],
  "labels": ["renovate"],
  "ignoreDeps": [
    "com.squareup.okhttp3:okhttp",
    "com.squareup.okhttp3:okhttp-tls",
    "com.squareup.okhttp3:mockwebserver"
  ],
  "packageRules": [
    {
      "matchPackagePatterns": [
        "biz.*"
      ],
      "groupName": "bnd"
    },
    {
      "matchPackagePatterns": [

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package target

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"os"
	"path/filepath"
	"time"

	mqtt "github.com/eclipse/paho.mqtt.golang"
	"github.com/minio/minio/internal/event"

import kotlin.test.assertFailsWith
import okhttp3.tls.internal.der.CertificateAdapters.generalNameDnsName
import okhttp3.tls.internal.der.CertificateAdapters.generalNameIpAddress
import okhttp3.tls.internal.der.ObjectIdentifiers.BASIC_CONSTRAINTS
import okhttp3.tls.internal.der.ObjectIdentifiers.COMMON_NAME
import okhttp3.tls.internal.der.ObjectIdentifiers.SHA256_WITH_RSA_ENCRYPTION
import okhttp3.tls.internal.der.ObjectIdentifiers.SUBJECT_ALTERNATIVE_NAME

 *  Fix: Use literal IP addresses directly rather than passing them to `DnsOverHttps`.
 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,
    `org.bouncycastle`, and `org.openjsse`.
 *  Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency

# CL 157090043 crypto/tls: support TLS_FALLBACK_SCSV as a server., Adam Langley <******@****.***>
pkg crypto/tls, const TLS_FALLBACK_SCSV = 22016
pkg crypto/tls, const TLS_FALLBACK_SCSV uint16

# CL 107400043 crypto/tls: Added dynamic alternative to NameToCertificate map for SNI, Percy Wegmann <******@****.***>
pkg crypto/tls, type ClientHelloInfo struct
pkg crypto/tls, type ClientHelloInfo struct, CipherSuites []uint16

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"time"

	envoy_admin "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
	auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"

	"istio.io/istio/istioctl/pkg/util/configdump"
	"istio.io/istio/pkg/log"
)

// SecretItemDiff represents a secret that has been diffed between nodeagent and proxy
type SecretItemDiff struct {

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package target

import (
	"bytes"
	"context"
	"crypto/tls"
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"os"
	"path/filepath"
	"strings"
	"syscall"
	"time"

	"github.com/minio/minio/internal/event"

 *
 * Pinning certificates limits your server team's abilities to update their TLS certificates. By
 * pinning certificates, you take on additional operational complexity and limit your ability to
 * migrate between certificate authorities. Do not use certificate pinning without the blessing of
 * your server's TLS administrator!
 *
 * ### Note about self-signed certificates
 *

            trustManagerFactory.init(keyStore);

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

            Curl.get("https://localhost:9200/").sslSocketFactory(sslContext.getSocketFactory()).execute(response -> {

  fun setUp(server: MockWebServer) {
    this.server = server

    // Default after JDK 14, but we are avoiding tests that assume special setup.
    // System.setProperty("jdk.tls.client.enableSessionTicketExtension", "true")
    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    // IllegalStateException: Cannot resume session and session creation is disabled
    platform.assumeNotBouncyCastle()
  }