* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package okhttp3.tls.internal

import java.net.InetSocketAddress
import java.net.Socket
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.SSLEngine

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal.der

/**
 * The first two bytes of each value is a header that includes its tag (field ID) and length.
 */
internal data class DerHeader(
  /**
   * Namespace of the tag.
   *

import okhttp3.internal.connection.RouteDatabase
import okhttp3.internal.connection.RoutePlanner
import okhttp3.internal.http.RealInterceptorChain
import okhttp3.internal.http.RecordingProxySelector
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.internal.TlsUtil.localhost

/**
 * OkHttp is usually tested with functional tests: these use public APIs to confirm behavior against

import okhttp3.RequestBody.Companion.toRequestBody
import okhttp3.ResponseBody.Companion.toResponseBody
import okhttp3.internal.closeQuietly
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import org.bouncycastle.tls.TlsFatalAlert
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.Timeout
import org.junit.jupiter.api.extension.RegisterExtension

@Timeout(30)

  implementation(libs.kotlin.reflect)
  implementation(libs.playservices.safetynet)
  implementation("com.squareup.okhttp3:okhttp:${okhttpLegacyVersion}")
  implementation("com.squareup.okhttp3:okhttp-tls:${okhttpLegacyVersion}") {
    exclude("org.bouncycastle")
  }
  androidTestImplementation("com.squareup.okhttp3:mockwebserver:${okhttpLegacyVersion}")
  androidTestImplementation(libs.bouncycastle.bcprov)

      null, "" -> null
      else -> protocol
    }
  }

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      val bcSocket = sslSocket as BCSSLSocket

      val sslParameters = bcSocket.parameters

      // Enable ALPN.

 */
class BouncyCastlePlatform private constructor() : Platform() {
  private val provider: Provider = BouncyCastleJsseProvider()

  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",
        BouncyCastleJsseProvider.PROVIDER_NAME,
      )

```
.
├── app
│   ├── __init__.py
│   └── main.py
├── Dockerfile
└── requirements.txt
```

#### Behind a TLS Termination Proxy { #behind-a-tls-termination-proxy }

MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY         (on|off)    trust server TLS without verification, defaults to "off" (verify)
MINIO_IDENTITY_LDAP_SERVER_INSECURE         (on|off)    allow plain text connection to AD/LDAP server, defaults to "off"
MINIO_IDENTITY_LDAP_SERVER_STARTTLS         (on|off)    use StartTLS connection to AD/LDAP server, defaults to "off"
```

            trustManagerFactory.init(keyStore);

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

            Curl.get("https://localhost:9200/").sslSocketFactory(sslContext.getSocketFactory()).execute(response -> {