OkHttp v4.2.0 Release Notes
Release Date: 2019-09-10 // over 4 years ago-
2019-09-10
New: API to decode a certificate and private key to create a
HeldCertificate
. This accepts a string containing both a certificate and PKCS #8-encoded private key.val heldCertificate = HeldCertificate.decode(""" |-----BEGIN CERTIFICATE----- |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl |cmluZzERMA8GA1UEAxMIY2FzaC5hcHAwHhcNNzAwMTAxMDAwMDA1WhcNNzAwMTAx |MDAwMDEwWjApMRQwEgYDVQQLEwtlbmdpbmVlcmluZzERMA8GA1UEAxMIY2FzaC5h |cHAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASda8ChkQXxGELnrV/oBnIAx3dD |ocUOJfdz4pOJTP6dVQB9U3UBiW5uSX/MoOD0LL5zG3bVyL3Y6pDwKuYvfLNhoyAw |HjAcBgNVHREBAf8EEjAQhwQBAQEBgghjYXNoLmFwcDAKBggqhkjOPQQDAgNIADBF |AiAyHHg1N6YDDQiY920+cnI5XSZwEGhAtb9PYWO8bLmkcQIhAI2CfEZf3V/obmdT |yyaoEufLKVXhrTQhRfodTeigi4RX |-----END CERTIFICATE----- |-----BEGIN PRIVATE KEY----- |MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA7ODT0xhGSNn4ESj6J |lu/GJQZoU9lDrCPeUcQ28tzOWw== |-----END PRIVATE KEY----- """.trimMargin()) val handshakeCertificates = HandshakeCertificates.Builder() .heldCertificate(heldCertificate) .build() val server = MockWebServer() server.useHttps(handshakeCertificates.sslSocketFactory(), false)
Get these strings with
HeldCertificate.certificatePem()
andprivateKeyPkcs8Pem()
.Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by the certificate that follows and the last certificate is signed by a trusted root.
Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this happened enough then eventually the connection would stall.
Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to fail the call.