From: Zsolt Parragi
Date: Tue, 10 Mar 2026 22:40:48 +0000
Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
To: "Jonathan Gonzalez V."
Cc: Daniel Gustafsson, Jacob Champion, PostgreSQL Hackers

Hello

I only have a few minor comments/questions:

Shouldn't we free oauth_ca_file in freePGconn?

Would a test case with an invalid/incorrect CA file be also useful, or is that too much testing of curl internals?

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 6db823808fc..24fda826dd1 100644 --- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml

Shouldn't the doc update also include oauth_ca_file?

+ {"oauth_ca_file", "PGOAUTHCAFILE", NULL, NULL, + "Oauth-CA-File", "", 64, + offsetof(struct pg_conn, oauth_ca_file)}

That should be OAuth-CA-File

+ * Allow to set the CA even if we're not in debug mode, this would make it easy + * to work on environments were the CA could be internal and available on every + * system, like big companies with airgap systems.

where the CA
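
Review bot: in the `oauth_ca_file` options entry the compiled default is NULL, so `conn->oauth_ca_file` stays NULL when neither the connection parameter nor `PGOAUTHCAFILE` is supplied, and an environment variable set to an empty value may arrive as an empty string. The code that passes this value on is not among the quoted lines; it should treat both cases as "not set" and leave the default trust store in place rather than hand an empty path to curl.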
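
Review bot: the new comment that begins "Allow to set the CA even if we're not in debug mode" is a comma splice and gives only the motivation for the change. Suggest rewording along the lines of "Allow setting the CA file outside debug mode as well, which helps in environments that rely on an internal CA, such as air-gapped networks", and adding a sentence on what happens when the option is unset.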