# HG changeset patch # User Yaroslav Zhuravlev # Date 1669657349 0 # Node ID 3a2d342533fbc0203cd2edda4d87932a921c5192 # Parent a20b51e84c32af154412f0f11d0d890e7364d746 Updated docs for the upcoming NGINX Plus release. diff --git a/xml/en/GNUmakefile b/xml/en/GNUmakefile --- a/xml/en/GNUmakefile +++ b/xml/en/GNUmakefile @@ -72,6 +72,7 @@ REFS = \ http/ngx_http_mp4_module \ http/ngx_http_perl_module \ http/ngx_http_proxy_module \ + http/ngx_http_proxy_protocol_vendor_module \ http/ngx_http_random_index_module \ http/ngx_http_realip_module \ http/ngx_http_referer_module \ @@ -112,6 +113,7 @@ REFS = \ stream/ngx_stream_log_module \ stream/ngx_stream_map_module \ stream/ngx_stream_proxy_module \ + stream/ngx_stream_proxy_protocol_vendor_module \ stream/ngx_stream_realip_module \ stream/ngx_stream_return_module \ stream/ngx_stream_set_module \ diff --git a/xml/en/docs/http/ngx_http_api_module.xml b/xml/en/docs/http/ngx_http_api_module.xml --- a/xml/en/docs/http/ngx_http_api_module.xml +++ b/xml/en/docs/http/ngx_http_api_module.xml @@ -2151,18 +2151,89 @@ The total number of failed SSL handshake The total number of session reuses during SSL handshake. + +no_common_protocol (integer) + + +The number of SSL handshakes failed because of no common protocol. + + +no_common_cipher (integer) + + +The number of SSL handshakes failed because of no shared cipher. + + +handshake_timeout (integer) + + +The number of SSL handshakes failed because of a timeout. + + +peer_rejected_cert (integer) + + +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. + + +verify_failures + +SSL certificate verification errors + +no_cert (integer) + + +A client did not provide the required certificate. + + +expired_cert (integer) + + +An expired or not yet valid certificate was presented by a client. + + +revoked_cert (integer) + + +A revoked certificate was presented by a client. + + +hostname_mismatch (integer) + + +Server's certificate doesn't match the hostname. + + +other (integer) + + +Other SSL certificate verification errors. + + + Example: { "handshakes" : 79572, "handshakes_failed" : 21025, - "session_reuses" : 15762 + "session_reuses" : 15762, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } } Shared memory zone with slab allocator: - +Shared memory zone with slab allocator

pages

@@ -2395,6 +2466,60 @@ The total number of failed SSL handshake The total number of session reuses during SSL handshake. + +no_common_protocol (integer) + + +The number of SSL handshakes failed because of no common protocol. + + +no_common_cipher (integer) + + +The number of SSL handshakes failed because of no shared cipher. + + +handshake_timeout (integer) + + +The number of SSL handshakes failed because of a timeout. + + +peer_rejected_cert (integer) + + +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. + + +verify_failures + +SSL certificate verification errors + +no_cert (integer) + + +A client did not provide the required certificate. + + +expired_cert (integer) + + +An expired or not yet valid certificate was presented by a client. + + +revoked_cert (integer) + + +A revoked certificate was presented by a client. + + +other (integer) + + +Other SSL certificate verification errors. + + +

@@ -2423,7 +2548,17 @@ The total number of session reuses durin "ssl" : { "handshakes" : 104303, "handshakes_failed" : 1421, - "session_reuses" : 54645 + "session_reuses" : 54645, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "other" : 1 + } } } @@ -2907,6 +3042,54 @@ The total number of failed SSL handshake The total number of session reuses during SSL handshake. + +no_common_protocol (integer) + + +The number of SSL handshakes failed because of no common protocol. + + +handshake_timeout (integer) + + +The number of SSL handshakes failed because of a timeout. + + +peer_rejected_cert (integer) + + +The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message. + + +verify_failures + +SSL certificate verification errors + +expired_cert (integer) + + +An expired or not yet valid certificate was presented by an upstream server. + + +revoked_cert (integer) + + +A revoked certificate was presented by an upstream server. + + +hostname_mismatch (integer) + + +Server's certificate doesn't match the hostname. + + +other (integer) + + +Other SSL certificate verification errors. + + +

@@ -3120,7 +3303,16 @@ The total number of requests rejected du "ssl" : { "handshakes" : 620311, "handshakes_failed" : 3432, - "session_reuses" : 36442 + "session_reuses" : 36442, + "no_common_protocol" : 4, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } }, "max_conns" : 20, "requests" : 667231, @@ -3408,6 +3600,60 @@ The total number of failed SSL handshake The total number of session reuses during SSL handshake. + +no_common_protocol (integer) + + +The number of SSL handshakes failed because of no common protocol. + + +no_common_cipher (integer) + + +The number of SSL handshakes failed because of no shared cipher. + + +handshake_timeout (integer) + + +The number of SSL handshakes failed because of a timeout. + + +peer_rejected_cert (integer) + + +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. + + +verify_failures + +SSL certificate verification errors + +no_cert (integer) + + +A client did not provide the required certificate. + + +expired_cert (integer) + + +An expired or not yet valid certificate was presented by a client. + + +revoked_cert (integer) + + +A revoked certificate was presented by a client. + + +other (integer) + + +Other SSL certificate verification errors. + + + @@ -3429,7 +3675,17 @@ The total number of session reuses durin "ssl" : { "handshakes" : 76455, "handshakes_failed" : 432, - "session_reuses" : 28770 + "session_reuses" : 28770, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "other" : 1 + } } } } @@ -3541,6 +3797,54 @@ The total number of failed SSL handshake The total number of session reuses during SSL handshake. + +no_common_protocol (integer) + + +The number of SSL handshakes failed because of no common protocol. + + +handshake_timeout (integer) + + +The number of SSL handshakes failed because of a timeout. + + +peer_rejected_cert (integer) + + +The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message. + + +verify_failures + +SSL certificate verification errors + +expired_cert (integer) + + +An expired or not yet valid certificate was presented by an upstream server. + + +revoked_cert (integer) + + +A revoked certificate was presented by an upstream server. + + +hostname_mismatch (integer) + + +Server's certificate doesn't match the hostname. + + +other (integer) + + +Other SSL certificate verification errors. + + +

@@ -3676,7 +3980,16 @@ The name of the shared memory zone that keeps the group’s configuration and run-time state. "ssl" : { "handshakes" : 200, "handshakes_failed" : 4, - "session_reuses" : 189 + "session_reuses" : 189, + "no_common_protocol" : 4, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } }, "max_conns" : 50, "connections" : 667231, diff --git a/xml/en/docs/http/ngx_http_upstream_module.xml b/xml/en/docs/http/ngx_http_upstream_module.xml --- a/xml/en/docs/http/ngx_http_upstream_module.xml +++ b/xml/en/docs/http/ngx_http_upstream_module.xml @@ -900,6 +900,7 @@ The least_time method address ... [valid=time] + [ipv4=on|off] [ipv6=on|off] [status_zone=zone] @@ -920,7 +921,8 @@ Name servers are queried in a round-robi By default, nginx will look up both IPv4 and IPv6 addresses while resolving. -If looking up of IPv6 addresses is not desired, +If looking up of IPv4 or IPv6 addresses is not desired, +the ipv4=off (1.23.1) or the ipv6=off parameter can be specified. @@ -983,7 +985,7 @@ This directive is available as part of o [expires=time] [domain=domain] [httponly] - [samesite=strict|lax|none] + [samesite=strict|lax|none|$variable] [secure] [path=path] @@ -1081,13 +1083,22 @@ Adds the HttpOnly att samesite=strict | -lax | none +lax | none | $variable

-Adds the SameSite attribute to the cookie -with one of the following values (1.19.4): +Adds the SameSite (1.19.4) attribute to the cookie +with one of the following values: +Strict, +Lax, +None, or +using variables (1.23.3). +In the latter case, if the variable value is empty, +the SameSite attribute will not be added to the cookie, +if the value is resolved to Strict, Lax, or -None. +None, +the the corresponding value will be assigned, +otherwise the Strict value will be assigned.

secure diff --git a/xml/en/docs/index.xml b/xml/en/docs/index.xml --- a/xml/en/docs/index.xml +++ b/xml/en/docs/index.xml @@ -380,6 +380,11 @@ ngx_http_proxy_module + +ngx_http_proxy_protocol_vendor_module + + + ngx_http_random_index_module @@ -592,6 +597,11 @@ ngx_stream_proxy_module + +ngx_stream_proxy_protocol_vendor_module + + + ngx_stream_realip_module diff --git a/xml/en/docs/stream/ngx_stream_upstream_module.xml b/xml/en/docs/stream/ngx_stream_upstream_module.xml --- a/xml/en/docs/stream/ngx_stream_upstream_module.xml +++ b/xml/en/docs/stream/ngx_stream_upstream_module.xml @@ -543,6 +543,7 @@ The least_time method address ... [valid=time] + [ipv4=on|off] [ipv6=on|off] [status_zone=zone] @@ -563,7 +564,8 @@ Name servers are queried in a round-robi By default, nginx will look up both IPv4 and IPv6 addresses while resolving. -If looking up of IPv6 addresses is not desired, +If looking up of IPv4 or IPv6 addresses is not desired, +the ipv4=off (1.23.1) or the ipv6=off parameter can be specified. diff --git a/xml/ru/GNUmakefile b/xml/ru/GNUmakefile --- a/xml/ru/GNUmakefile +++ b/xml/ru/GNUmakefile @@ -60,6 +60,7 @@ REFS = \ http/ngx_http_mp4_module \ http/ngx_http_perl_module \ http/ngx_http_proxy_module \ + http/ngx_http_proxy_protocol_vendor_module \ http/ngx_http_random_index_module \ http/ngx_http_realip_module \ http/ngx_http_referer_module \ @@ -98,6 +99,7 @@ REFS = \ stream/ngx_stream_log_module \ stream/ngx_stream_map_module \ stream/ngx_stream_proxy_module \ + stream/ngx_stream_proxy_protocol_vendor_module \ stream/ngx_stream_realip_module \ stream/ngx_stream_return_module \ stream/ngx_stream_set_module \ diff --git a/xml/ru/docs/http/ngx_http_upstream_module.xml b/xml/ru/docs/http/ngx_http_upstream_module.xml --- a/xml/ru/docs/http/ngx_http_upstream_module.xml +++ b/xml/ru/docs/http/ngx_http_upstream_module.xml @@ -908,6 +908,7 @@ server { адрес ... [valid=время] + [ipv4=on|off] [ipv6=on|off] [status_zone=зона] @@ -929,8 +930,9 @@ resolver 127.0.0.1 [::1]:5353; По умолчанию nginx будет искать как IPv4-, так и IPv6-адреса при преобразовании имён в адреса. -Если поиск IPv6-адресов нежелателен, -можно указать параметр ipv6=off. +Если поиск IPv4- или IPv6-адресов нежелателен, +можно указать параметр ipv4=off (1.23.1) или +ipv6=off. @@ -993,11 +995,11 @@ resolver_timeout 5s; [expires=время] [domain=домен] [httponly] - [samesite=strict|lax|none] + [samesite=strict|lax|none|$переменная] [secure] [path=путь] - route переменная ... + route $переменная ... learn create=$переменная @@ -1089,13 +1091,22 @@ 31 декабря 2037 года 23:55:55 GMT. samesite=strict | -lax | none +lax | none | $переменная

-Добавляет атрибут SameSite к куке -с одним из следующих значений (1.19.4): +Добавляет атрибут SameSite (1.19.4) к куке +с одним из следующих значений: +Strict, +Lax, +None или +при помощи переменных (1.23.3). +В последнем случае если переменная имеет пустое значение, +то атрибут SameSite не будет добавлен к куке, +если значение переменной равно Strict, Lax или -None. +None, +то атрибуту будет назначено соответствующее значение, +иначе атрибуту будет назначено значение Strict.

secure diff --git a/xml/ru/docs/index.xml b/xml/ru/docs/index.xml --- a/xml/ru/docs/index.xml +++ b/xml/ru/docs/index.xml @@ -385,6 +385,11 @@ ngx_http_proxy_module + +ngx_http_proxy_protocol_vendor_module + + + ngx_http_random_index_module @@ -597,6 +602,11 @@ ngx_stream_proxy_module + +ngx_stream_proxy_protocol_vendor_module + + + ngx_stream_realip_module diff --git a/xml/ru/docs/stream/ngx_stream_upstream_module.xml b/xml/ru/docs/stream/ngx_stream_upstream_module.xml --- a/xml/ru/docs/stream/ngx_stream_upstream_module.xml +++ b/xml/ru/docs/stream/ngx_stream_upstream_module.xml @@ -544,6 +544,7 @@ hash $remote_addr; адрес ... [valid=время] + [ipv4=on|off] [ipv6=on|off] [status_zone=зона] @@ -565,8 +566,9 @@ resolver 127.0.0.1 [::1]:5353; По умолчанию nginx будет искать как IPv4-, так и IPv6-адреса при преобразовании имён в адреса. -Если поиск IPv6-адресов нежелателен, -можно указать параметр ipv6=off. +Если поиск IPv4- или IPv6-адресов нежелателен, +можно указать параметр ipv4=off (1.23.1) или +ipv6=off. diff --git a/yaml/nginx_api.yaml b/yaml/nginx_api.yaml --- a/yaml/nginx_api.yaml +++ b/yaml/nginx_api.yaml @@ -2204,10 +2204,57 @@ definitions: session_reuses: type: integer description: The total number of session reuses during SSL handshake. + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. example: handshakes: 79572 handshakes_failed: 21025 session_reuses: 15762 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 NginxSlabZoneMap: title: Slab Zones description: | @@ -2284,6 +2331,7 @@ definitions: NginxSlabZone: title: Shared memory zone with slab allocator description: | + Shared memory zone with slab allocator type: object properties: pages: @@ -2399,6 +2447,16 @@ definitions: handshakes: 65432 handshakes_failed: 421 session_reuses: 4645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 site2: processing: 1 requests: 185307 @@ -2421,6 +2479,16 @@ definitions: handshakes: 104303 handshakes_failed: 1421 session_reuses: 54645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 NginxHTTPServerZone: title: HTTP Server Zone type: object @@ -2500,6 +2568,40 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + other: + type: integer + description: Other SSL certificate verification errors. example: processing: 1 requests: 706690 @@ -2522,6 +2624,15 @@ definitions: handshakes: 104303 handshakes_failed: 1421 session_reuses: 54645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxHTTPLocationZonesMap: title: HTTP Location Zones description: | @@ -2935,6 +3046,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 requests: 667231 header_time: 20 response_time: 36 @@ -3005,6 +3124,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 requests: 667231 header_time: 20 response_time: 36 @@ -3113,6 +3240,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 20 requests: 667231 header_time: 20 @@ -3247,6 +3382,36 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the upstream server + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by an upstream server. + revoked_cert: + type: integer + description: A revoked certificate was presented by an upstream server. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. max_conns: type: integer description: The @@ -3558,6 +3723,15 @@ definitions: handshakes: 76455 handshakes_failed: 432 session_reuses: 28770 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 dns: processing: 1 connections: 155569 @@ -3573,6 +3747,15 @@ definitions: handshakes: 2040 handshakes_failed: 23 session_reuses: 65 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxStreamServerZone: title: Stream Server Zone type: object @@ -3634,6 +3817,40 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + other: + type: integer + description: Other SSL certificate verification errors. example: dns: processing: 1 @@ -3650,6 +3867,15 @@ definitions: handshakes: 76455 handshakes_failed: 432 session_reuses: 28770 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxStreamLimitConnZonesMap: title: Stream limit_conns description: | @@ -3698,6 +3924,14 @@ definitions: handshakes: 1045 handshakes_failed: 89 session_reuses: 321 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 30 connecions: 1231 sent: 251946292 @@ -3748,6 +3982,14 @@ definitions: handshakes: 5268 handshakes_failed: 121 session_reuses: 854 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 30 connections: 667231 sent: 251946292 @@ -3814,6 +4056,14 @@ definitions: handshakes: 200 handshakes_failed: 4 session_reuses: 189 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 50 connections: 667231 sent: 251946292 @@ -3925,6 +4175,36 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the upstream server + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by an upstream server. + revoked_cert: + type: integer + description: A revoked certificate was presented by an upstream server. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. max_conns: type: integer description: The