assertThat(get.headers["Host"]).isEqualTo("android.com")
    assertThat(hostnameVerifier.calls).isEqualTo(
      Arrays.asList("verify android.com"),
    )
  }

  /** Tolerate bad https proxy response when using HttpResponseCache. Android bug 6754912.  */
  @Test
  fun connectViaHttpProxyToHttpsUsingBadProxyAndHttpResponseCache() {
    initResponseCache()

### Other notable changes

- Kubeadm: tolerate whitespace when validating certificate authority PEM data in kubeconfig files ([#86705](https://github.com/kubernetes/kubernetes/pull/86705), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]

clusters, both the old taint `node-role.kubernetes.io/master:NoSchedule` and new taint `node-role.kubernetes.io/control-plane:NoSchedule` will be added to control plane nodes. In release 1.20 (`first stage`), a release note instructed to preemptively tolerate the new taint. For clusters that are being upgraded to 1.24 with `kubeadm upgrade apply`, the command will add the new taint `node-role.kubernetes.io/control-plane:NoSchedule` to existing control plane nodes. Please adapt your infrastructure to these...

- `kubeadm`: will now allow deploying a kubelet that is 3 versions older than the version of `kubeadm` (N-3). This aligns with the recent change made by SIG Architecture that extends the support skew between the control plane and kubelets. Tolerate this new kubelet skew for the commands `init`, `join` and `upgrade`. Note that if the `kubeadm` user applies a control plane version that is older than the `kubeadm` version (N-1 maximum) then the skew between the kubelet and control plane would...

- Fix `kubectl` alpha debug node does not work on tainted(NoExecute) nodes and tolerate everything. ([#98431](https://github.com/kubernetes/kubernetes/pull/98431), [@wawa0210](https://github.com/wawa0210))

  - Please adapt your workloads to tolerate the same future taint preemptively.
    
- Kubeadm: improve the validation of serviceSubnet and podSubnet.

* User can now use `sudo crictl` on GCE cluster. ([#65389](https://github.com/kubernetes/kubernetes/pull/65389), [@Random-Liu](https://github.com/Random-Liu))
* Tolerate missing watch permission when deleting a resource ([#65370](https://github.com/kubernetes/kubernetes/pull/65370), [@deads2k](https://github.com/deads2k))

fips140.RecordApproved() checkApprovedHash(hash) // Note that while we don't commit to deterministic execution with respect // to the rand stream, we also don't apply MaybeReadByte, so per Hyrum's Law // it's probably relied upon by some. It's a tolerable promise because a // well-specified number of random bytes is included in the signature, in a // well-specified way. if saltLength < 0 { return nil, errors.New("crypto/rsa: salt length cannot be negative") } // FIPS 186-5, Section 5.4(g): "the length...