Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tzbHG-00464o-VC for pgsql-hackers@arkaria.postgresql.org; Tue, 01 Apr 2025 13:03:38 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tzbHD-0021i4-Vk for pgsql-hackers@arkaria.postgresql.org; Tue, 01 Apr 2025 13:03:35 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tzbHD-0021hv-Le for pgsql-hackers@lists.postgresql.org; Tue, 01 Apr 2025 13:03:35 +0000 Received: from mout-p-101.mailbox.org ([80.241.56.151]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tzbH9-002knw-0C for pgsql-hackers@lists.postgresql.org; Tue, 01 Apr 2025 13:03:35 +0000 Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4ZRp8b4nHkz9tgG; Tue, 1 Apr 2025 15:03:27 +0200 (CEST) Date: Tue, 1 Apr 2025 15:03:25 +0200 From: Christoph Berg To: Jacob Champion Cc: Daniel Gustafsson , Thomas Munro , pgsql-hackers@lists.postgresql.org Subject: Re: pgsql: Add support for OAUTHBEARER SASL mechanism Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4ZRp8b4nHkz9tgG List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Re: Jacob Champion > (That means that Windows builds --with-libcurl are similarly broken, I > think. Not that Windows packagers will want to use --with-libcurl -- > it doesn't do anything -- but it should build.) Does --with-libcurl still do anything useful if this feature test fails? From what you are saying, the answer is "no", and I can see more "not on this platform" error messages in other callbacks. This should be documented in doc/src/sgml/installation.sgml. > We could change how this works a bit for the proposed libpq-oauth.so > plugin, and only build it if we have a workable implementation. I do > like having these other platforms compile the Curl code, though, since > we'd prefer to keep the build clean for a future Windows > implementation... I would prefer to get an error from configure if the feature doesn't do anything on my platform. The current way is confusing. If future users of libcurl change that, the configure test can still be changed. With the libpq-oauth split, this makes even more sense because building a library that always throws an error isn't very useful. (Don't build that file at all if the feature doesn't work.) Since oauth/curl have some security implications, would it make more sense to call the switch --enable-oauth (-Doauth) so users could control better what features their libpq is going to have? Perhaps some other feature (pg_service as URL?) is going to need libcurl as well, but it should be configurable separately. Christoph