systemDefault(
    name = System.getProperty("java.vm.name"),
    version = System.getProperty("java.version"),
    ianaSuites = ianaSuites,
  )

fun conscrypt(ianaSuites: IanaSuites): Client {
  val version = Conscrypt.version()
  return systemDefault(
    name = "Conscrypt",
    version = "${version.major()}.${version.minor()}",
    ianaSuites = ianaSuites,
  )
}

fun systemDefault(
  name: String,
  version: String,

import okhttp3.internal.platform.android.DeferredSocketAdapter
import okhttp3.internal.platform.android.SocketAdapter
import okhttp3.internal.platform.android.StandardAndroidSocketAdapter
import org.conscrypt.Conscrypt
import org.junit.Assert.assertFalse
import org.junit.Assert.assertNotNull
import org.junit.Assert.assertNull
import org.junit.Assert.assertTrue
import org.junit.Assume.assumeFalse
import org.junit.Assume.assumeTrue

 * prefer other mechanisms where they exist, such as with
 * [okhttp3.internal.platform.AndroidPlatform.AndroidCertificateChainCleaner].
 *
 * This class includes code from [Conscrypt's][Conscrypt] [TrustManagerImpl] and
 * [TrustedCertificateIndex].
 *
 * [Conscrypt]: https://conscrypt.org/
 */
class BasicCertificateChainCleaner(
  private val trustRootIndex: TrustRootIndex,
) : CertificateChainCleaner() {
  /**

        assertEquals(200, response.code)
        // see https://github.com/google/conscrypt/blob/b9463b2f74df42d85c73715a5f19e005dfb7b802/android/src/main/java/org/conscrypt/Platform.java#L613
        when {
          Build.VERSION.SDK_INT >= 24 -> {
            // Conscrypt 2.5+ defaults to SSLEngine-based SSLSocket
            assertEquals("org.conscrypt.Java8EngineSocket", socketClass)
          }
          Build.VERSION.SDK_INT < 22 -> {

        socketMode.tlsExtensionMode == STANDARD,
      "failing for channel and h2",
    )

    if (socketMode is TlsInstance) {
      assumeTrue((socketMode.provider == CONSCRYPT) == platform.isConscrypt())
    }

    val client =
      clientTestRule
        .newClientBuilder()
        .dns { listOf(InetAddress.getByName("localhost")) }
        .callTimeout(4, SECONDS)

 * limitations under the License.
 */
package okhttp3

import java.io.IOException
import java.security.Security
import okhttp3.internal.platform.Platform
import org.conscrypt.Conscrypt

// TLS 1.3
private val TLS13_CIPHER_SUITES =
  listOf(
    CipherSuite.TLS_AES_128_GCM_SHA256,
    CipherSuite.TLS_AES_256_GCM_SHA384,
    CipherSuite.TLS_CHACHA20_POLY1305_SHA256,

        compileOnly(libs.conscrypt.openjdk)
        implementation(libs.androidx.annotation)
        implementation(libs.androidx.startup.runtime)
      }
    }

    jvmMain {
      dependsOn(commonJvmAndroid)

      dependencies {
        // These compileOnly dependencies must also be listed in applyOsgiMultiplatform() below.
        compileOnly(libs.conscrypt.openjdk)

#noinspection UnusedVersionCatalogEntry
codehaus-signature-java18 = "org.codehaus.mojo.signature:java18:1.0"
conscrypt-android = { module = "org.conscrypt:conscrypt-android", version.ref = "org-conscrypt" }
conscrypt-openjdk = { module = "org.conscrypt:conscrypt-openjdk-uber", version.ref = "org-conscrypt" }
converter-moshi = { module = "com.squareup.retrofit2:converter-moshi", version.ref = "retrofit" }

-dontwarn org.codehaus.mojo.animal_sniffer.*

# OkHttp platform used only on JVM and when Conscrypt and other security providers are available.
# May be used with robolectric or deliberate use of Bouncy Castle on Android
-dontwarn okhttp3.internal.platform.**
-dontwarn org.conscrypt.**

security.

OkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports
[Conscrypt][conscrypt], which integrates [BoringSSL](https://github.com/google/boringssl) with Java. OkHttp will use Conscrypt if it is
the first security provider:

```java
Security.insertProviderAt(Conscrypt.newProvider(), 1);
```