public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jacob Champion <[email protected]>
To: Jonathan Gonzalez V. <[email protected]>
Cc: Zsolt Parragi <[email protected]>
Cc: Daniel Gustafsson <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
Date: Tue, 6 Jan 2026 08:28:39 -0800
Message-ID: <CAOYmi+mTHahYXqBZH-bE1Z3Yc5SJ0gTHsM69LSVna2h7ftgVzQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<CAOYmi+=fbZNJSkHVci=GpR8XPYObK=H+2ERRha0LDTS+ifsWnw@mail.gmail.com>
<CAN4CZFPhm2NCRWzZpX=kRLqyxu4Ps-d0xE5W75a-iDoKrLbXBw@mail.gmail.com>
<CAOYmi+=HcXJub1rDsQ7vpKMHuBB6NTA2Z5T=zAkaFdRThf+9zg@mail.gmail.com>
<[email protected]>
<CAOYmi+mMx1DnNpKG8RdknH0-GuPR9jv+G9r2iFND=Yve7DOF6g@mail.gmail.com>
<[email protected]>
<CAOYmi+nQawWHzC4mRhJnzZzzqjnUDg-yxN3f3ZqPX=+jpKU+zg@mail.gmail.com>
<[email protected]>
On Tue, Jan 6, 2026 at 12:45 AM Jonathan Gonzalez V.
<[email protected]> wrote:
> I will for sure still allow an environment variable too like OAUTH_CA
> or OAUTH_CA_FILE, just because environment variable for these
> parameters is widely used, just like in curl[1] has cacert_file and
> support for CURL_CA_BUNDLE, both options make sure that users may not
> be limited.
Right -- I hadn't meant that you should remove the PGOAUTHCAFILE
envvar from your patch, just that an oauth_ca_file parameter should be
added as well.
> I already worked a patch (before this one) to add an option to pass the
> CA but I discarded that because I didn't thought it was going to be
> accepted, I can rework that with all the ideas, but, what do you think
> about creating a wiki page with all the ideas to manage the
> certificates?
You're more than welcome to add any wiki pages you think would be
useful -- you certainly don't need my permission :D
If you don't have edit access yet, see
https://wiki.postgresql.org/wiki/WikiEditing
> probably the CA will require to also add some skip or
> insecure options, full bundles and how to build them, etc.
I'm not quite sure what you mean by these, but it might be easier to
read the wiki page you had in mind and comment on that.
Thanks!
--Jacob
view thread (15+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
In-Reply-To: <CAOYmi+mTHahYXqBZH-bE1Z3Yc5SJ0gTHsM69LSVna2h7ftgVzQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox