Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vFxMN-004LES-7v for pgsql-hackers@arkaria.postgresql.org; Mon, 03 Nov 2025 16:24:46 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1vFxMM-005mqC-4R for pgsql-hackers@arkaria.postgresql.org; Mon, 03 Nov 2025 16:24:45 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vFxML-005mq4-Q8 for pgsql-hackers@lists.postgresql.org; Mon, 03 Nov 2025 16:24:44 +0000 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vFxMH-005F5T-2p for pgsql-hackers@postgresql.org; Mon, 03 Nov 2025 16:24:42 +0000 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-88051279e87so15831906d6.3 for ; Mon, 03 Nov 2025 08:24:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1762187081; x=1762791881; darn=postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=b/97b8kIhr6fIjm83QkKgg2Wao8D6UgS5/IlTCqmtSE=; b=DvYlYtnluE56LJkuqnoHUiVV6rVzFNE9qdIKOKbnesqV+xDVzws2SiZG0oFjNi9DGi BbxU7l+X0tSdzLBaNxoN+gIhpYbn0PBvrFYeeKcW3t5aySBeS1NJB4S+nIT1lFIId0la 16YI5fFV28gV64ipUBArROS04br/F9dLfWVbYGw1QXw+uknIasS4hL2PsV5NwLoPMpP0 WfMuR+cb50/DFpmhVrF4lWZd/I6WoZ2anOjhe+0U/Xc5RBfZm68D1JVccmag4XQIdZTU 6nAy4l7lelJ2c2WBMAM0hFmw41s6FEGRDrQdlk4wmY72/bg2nNN0fZcpL4R2fT4lfa6Z N85Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762187081; x=1762791881; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b/97b8kIhr6fIjm83QkKgg2Wao8D6UgS5/IlTCqmtSE=; b=EDHI/zm1iAnB65gVkJxdGKmwAr3C/3/ClF8R60WCH4Ua4j+uTU72h4sMK8/JS3laKf ADh6zlJO32XOZulBIMhEwGMRvVJmJgHdkiicPxTF7ASZx0MIDcncRy8RpkvkCWsc5oiO 22gNGFlbNXWr/b76+Rk0VILMbO8MhBwaQFNRAJ4IS2k7MArkGn1GiV+3l8GuTNh8CXWL 0svaNdjgnxQJaF4MzAcnAVFbB4TyA4dBx3olOPFZRs+A4b4Uh7aQoBTq4pplLFIED6YU MU8uO/qc11f19vy53KRWDTmvn9rbMKEyjDQNbWz74JL2W6nmvEwBCzLPWSJGfBtA1urY X7iw== X-Gm-Message-State: AOJu0YxsQHddY7RWQwhJGav5ubpxwxzrbErkpMRus8Ua9Wbl0FsKAeq6 X3Pw9PadLRHMhTu3wbqXzBzRzdFIjWZBh/1jRYUGgh5xdQT9dgrPljoL4MXSKPWzoQNJMrC/EgJ t75RHmtBaCeZL+Csead7DUKbfFLmoyguV3cWjgtGE X-Gm-Gg: ASbGnctm4uELjkihUjWggwUzVADrZHCNIzE389Fz8hOdoDJ+ZP5LdKGPspFoLd38mRD Qfg3dwUmi9dycwa9Hd7LJ5CrVo+4q3LrzeFfk7p6aQw8IrwnulI8tavX9eNQy7lDkBx6Mtf55sK tCbrkoMlEfUkBhQn8xClYpxQ+TCB91CcUe1Ac/EAVooZmbx2MIfMA040up+Zl4vgHz7k6iaVejv aO49exo0+OHGvtgtU0SRNHYstR/qnkoS8EYIMGZk9mWpIunFzRHrxZd2M3wSeWovpYkFVGdxA== X-Google-Smtp-Source: AGHT+IGE7v8X++Tj3hgY43oVEhoG0sjpXoxrrjTv9dRVk3P8/pOjb7mEtI4RyeAtqwb/MaPvLDdIubmayroyFal72pY= X-Received: by 2002:ad4:5c4a:0:b0:87f:bd05:1c74 with SMTP id 6a1803df08f44-8802f2d3acemr161367286d6.17.1762187080475; Mon, 03 Nov 2025 08:24:40 -0800 (PST) MIME-Version: 1.0 References: <16a91d02795cb991963326a902afa764e4d721db.camel@gmail.com> <3D82D240-1CC5-4CE6-BE30-6065B693D40C@yesql.se> In-Reply-To: <3D82D240-1CC5-4CE6-BE30-6065B693D40C@yesql.se> From: Jacob Champion Date: Mon, 3 Nov 2025 08:24:29 -0800 X-Gm-Features: AWmQ_bkdy0nRGx2mesSczDrume3oHZc-2495r4834BjxGs3kFt-4LRvcxDOZvO8 Message-ID: Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode To: Daniel Gustafsson , "Jonathan Gonzalez V." Cc: PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, Nov 3, 2025 at 6:24=E2=80=AFAM Daniel Gustafsson = wrote: > If we do allow this (IIRC we did discuss during development to allow this= but > erred on the side of caution) Yeah, the replaced comment explains it. The assumption is that whatever device you're using to log in (presumably a browser, not Curl) has to have the certificates figured out for production use, so overriding it for Curl alone is probably only good enough for dev use. But I ran into this annoyance (wanted to override the CA for temporary development purposes, got sprayed with debug output) during a demo just last month, so I'm in favor of doing something to make this easier. > it should probably be made into a env var *and* > connection param setting like how libpq is otherwise configured? I'm still not quite sure about the target audience. If it's just for developers, I don't necessarily see a need to take up connection string space (or provide our proxies with yet another setting to worry about). Jonathan, the patch itself claims to handle two cases. What's the production use case where a company has its own CA isolated from the Internet but isn't willing to add that CA to the system trust? The reason I ask is that we'd briefly talked about splitting PGOAUTHDEBUG into more granular settings than just "off" and "UNSAFE". So if this is a developer-only thing, we could maybe put some more design work into the list of debug features. That list currently includes the stderr spray, turning off HTTPS, allowing sub-second ping intervals, overriding the CA, debugging libpq-oauth link failures, counting the calls to the flow -- all of which run the gamut from "completely unsafe" to "completely safe". Thanks! --Jacob