Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vssC8-005jJa-1x
	for pgsql-hackers@arkaria.postgresql.org;
	Thu, 19 Feb 2026 00:47:04 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vssC7-001Cbk-1I
	for pgsql-hackers@arkaria.postgresql.org;
	Thu, 19 Feb 2026 00:47:03 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vssC7-001CbM-0K
	for pgsql-hackers@lists.postgresql.org;
	Thu, 19 Feb 2026 00:47:03 +0000
Received: from mail-qv1-xf29.google.com ([2607:f8b0:4864:20::f29])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vssC2-000000003Vk-3zrp
	for pgsql-hackers@postgresql.org;
	Thu, 19 Feb 2026 00:47:01 +0000
Received: by mail-qv1-xf29.google.com with SMTP id 6a1803df08f44-896f4627dffso5806206d6.0
        for <pgsql-hackers@postgresql.org>; Wed, 18 Feb 2026 16:46:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1771462019; cv=none;
        d=google.com; s=arc-20240605;
        b=Sj/hxFz8lZxTnWxepWxiM7FcFnBp2obc1nbYL8VOWYihkbiOM22Wm3xLfK+bFc0MAy
         b+PA1jX1rDCmrBagqaf03EkpvxeMOQKzIrOanpcp78XLyjv5WFmPizb2FuFw9ZjeWxro
         TLeL/LLlekBZHbbJ2RFuXs5dIt9BghqBtmJOX/Pt7OktyEIfLyl54ehqoEPNqA+Z/4dh
         JNfc8+/TBpEvtC9wGcrCsefuRj2eN/SHGdwqnK2Ip44wBYRnr8em1j9Ff+E962cgZTsr
         R2QiuYGmmktZGNpoHkD1TDv6pNlHCpjPY2oOunDYKRg5kr7usjRvwmAufmnvNj4sCNLI
         oj0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=X70B+N+Xr3u3k9N53c6MNwnMSYlP29jggYArCYL5uiQ=;
        fh=eJ/6EeZC58t9be9oAKgtSyskqHCBXi50tWJWcn3GlsI=;
        b=G4BVhHdMxWcnjO4tItfxK9xyA07ajrylZIvgOycMxQne+SpU4bN/YBFcLJ5eLMoKQh
         +mI0GP9PnO7HnFVDUDwuSoW2vjw77fWaK1jUD2K27mP0frZ+snFD3+22QoinXpBuELOW
         ilpUCDrn8kc9dLzybBzkSSEdFNbrKrtduoF+tvC/ES/yF8PQ9lQ29FbkKbm/qN4w8WS0
         f023v43xY7yGDnK3hraiDCok9SW+Jje3VJ7bB9IZcwre2Z8/Xv4K3fQMbjtPWePSGQsp
         kpujqOypF+W0dx+X9mMFiaKFpv/OJwcs4D34IRvhND56k7Yj5rhziOj8CaFk1cYFQLCJ
         8cow==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1771462019; x=1772066819; darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=X70B+N+Xr3u3k9N53c6MNwnMSYlP29jggYArCYL5uiQ=;
        b=YPhhIxFGmQY2aDIVas3T36R3xGOefJB8h1KIPpGXbgxI1NiZ9jLBSSpEro+omcDvnT
         Nxd6RXVAGhAM+T4wT/LZxPgh/mZ2eMMh3sLQPXSR4dQvVzd5vCO7bsa/suQT+3hViTn/
         06tlOIidsV8+b3oyU6YlFyWaFk+Miz7uDCErRx7dXSy3FeDmCc4OguxjEQ9OblODJctn
         kigdY+bwTxcNp4v7mcjHhqusVN4bKLpwMRKXI+WUcjRvcv6mm81eK4313S4M8ta/g8oU
         z5Gv99oEr5fAkVvIaloZzbfieQl30ACfSIdAbM3NqLPPlhoCukX2HKHWa6OwBrWNqWOE
         snaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1771462019; x=1772066819;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=X70B+N+Xr3u3k9N53c6MNwnMSYlP29jggYArCYL5uiQ=;
        b=tZH35GBmRoY8Dp+mgtztvuYdJjhg6o5zw/d5DJEFUp7m1/2SzondJS5mMA1/r68jVK
         q4jseajeRorB02TXmiDpu/xHAFKSJvkSdpSTnJ+TWTnThUprbXgJ5h5pxP1k55Vad8TB
         DjA6/NUcgMZPKVFTQc6Cy3Kv7h96FB64dg2xm5tsD2YqkwMInewAgL+sYtTddjIy/SCG
         Z4n4IJGL1U8hNLXIQ+yvVx2vk/ZIa9/sr1XtUkni+rAOHxlVPUdJihjf/lwNLW8ILjjm
         qWUR181p6UIZn8ucQSncBvTpS/THOiVY9qKjmOF+NggW0vHfPNcQV+sv1BSxE3yJFBB4
         1G2g==
X-Forwarded-Encrypted: i=1; AJvYcCW2zdxhufqxraoirM9C7ht0CFgReisvM+wnZ97VxIOLTXHPAUpOYt4drgynUl0hTrdMa/M7TjOMK6FfMUyG@postgresql.org
X-Gm-Message-State: AOJu0YyGjTA1KLIe+0VteyW7R7GRW0EdESicGaCevQ2FJmaDfc1NzS/8
	+yC1/YyFxu4Xfk0ZBr/ELGUN+8fwjG/Smwh+CwarnIkWwVC+0UOjD8gru8ZHIEqmursyITchpAw
	BC1bCYharuDoszA/oDAnMVakIwtsas4BCGN5sdNqw
X-Gm-Gg: AZuq6aKzDxZ0N7M8tgcOCpTEyjfXyOx+e3a+WpevJgVWkFzrBZp3znJvJYqMm/0pycp
	7WnmBo7qzL+RyPZ8lf9mDEyMRmC7FlcBC0bJyZCXkjsEuKRb/Q9HeOmTZlN7a9gybRODerKUSga
	cv4qYefd+wVJQHTf/uR9SYJSvzqeRvqFMpA+dFyiEuT9+3S7mt/jF8glUCDkjN8FmvwFpgbNLMY
	iuG8xcJX8zFc1PUyPAPuct2m+CiQERZYDFtkJCr4ayrUyW/E+vj+sYxMghEjWxCauuTPEN+4cPM
	WTv1oemC8A==
X-Received: by 2002:a05:6214:e81:b0:896:fb19:9802 with SMTP id
 6a1803df08f44-89958048457mr57158686d6.43.1771462019248; Wed, 18 Feb 2026
 16:46:59 -0800 (PST)
MIME-Version: 1.0
References: <16a91d02795cb991963326a902afa764e4d721db.camel@gmail.com>
 <3D82D240-1CC5-4CE6-BE30-6065B693D40C@yesql.se> <CAOYmi+=fbZNJSkHVci=GpR8XPYObK=H+2ERRha0LDTS+ifsWnw@mail.gmail.com>
 <CAN4CZFPhm2NCRWzZpX=kRLqyxu4Ps-d0xE5W75a-iDoKrLbXBw@mail.gmail.com>
 <CAOYmi+=HcXJub1rDsQ7vpKMHuBB6NTA2Z5T=zAkaFdRThf+9zg@mail.gmail.com>
 <b08bf613bba131eaf15ac163d84604db452d4fde.camel@gmail.com>
 <CAOYmi+mMx1DnNpKG8RdknH0-GuPR9jv+G9r2iFND=Yve7DOF6g@mail.gmail.com>
 <7a0464f0c05db689eb97ba963b212d477d03f5a3.camel@gmail.com>
 <CAOYmi+nQawWHzC4mRhJnzZzzqjnUDg-yxN3f3ZqPX=+jpKU+zg@mail.gmail.com>
 <711e10411f81a2f554fec97b340b60abf5331c9a.camel@gmail.com>
 <CAOYmi+mTHahYXqBZH-bE1Z3Yc5SJ0gTHsM69LSVna2h7ftgVzQ@mail.gmail.com> <0eb07ab7217fe6da36ab0f96fad8a644982871b2.camel@gmail.com>
In-Reply-To: <0eb07ab7217fe6da36ab0f96fad8a644982871b2.camel@gmail.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Wed, 18 Feb 2026 16:46:48 -0800
X-Gm-Features: AaiRm50m_NIlgD-5abOQCBQKPIFv1ir3l7QdkRM-nVpUNFZ7tNLVXFOt3jHmWM8
Message-ID: <CAOYmi+kNGJXy3YqPDoceb1doNfA-S6fmdKv-AH3j0PPUicyUQQ@mail.gmail.com>
Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
To: "Jonathan Gonzalez V." <jonathan.abdiel@gmail.com>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Daniel Gustafsson <daniel@yesql.se>, 
	PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CAOYmi%2BkNGJXy3YqPDoceb1doNfA-S6fmdKv-AH3j0PPUicyUQQ%40mail.gmail.com>
Precedence: bulk

On Tue, Feb 17, 2026 at 9:23=E2=80=AFAM Jonathan Gonzalez V.
<jonathan.abdiel@gmail.com> wrote:
> I'm attached a v2 of this patch I'm not really sure if this is what you
> mean.

At a glance, I think so!

> +#define conn_oauth_ca_file(CONN) (CONN->oauth_ca_file)

Arrrghh I hadn't even considered that this thread would conflict with
the changes over at [1]. Well, the silver lining is that I already
know I have to get most of that work in; this just serializes things.

> I want to add some test for this option that I think it could be really
> useful, what do you think?

Definitely. I could see either upgrading the oauth_validator test
suite to use HTTPS throughout, and then setting the new envvar
globally, or just adding a single test that switches it on (but I'm
not sure that's actually less work, since you have to teach
oauth_server.py to speak HTTPS either way).

Thanks!
--Jacob

[1] https://postgr.es/m/CAOYmi%2BmrGg%2Bn_X2MOLgeWcj3v_M00gR8uz_D7mM8z%3DdX=
1JYVbg%40mail.gmail.com