Hi! On Mon, 2026-01-05 at 10:37 -0800, Jacob Champion wrote: > > See https://wiki.postgresql.org/wiki/Category:OAuth_Working_GroupĀ for > a current list of tagged [oauth] proposals. Or is that not what > you're > asking about?
Not specifically, but that will work more than fine for sure! Thank you! > > Right, and I'm not. I guess that's the main disconnect here: I'm only > talking about enabling and disabling the features exposed by > PGOAUTHDEBUG. I don't think a debug level helps with that, which is > why I proposed a bitmap. > > But that's a feature for a different thread name. I think we should > continue this one by adding an oauth_ca_file connection parameter and > documentation, including the default behavior (which defers to Curl). > > Ok, promoting this to something external to the debug makes a lot of sense to me, that will help a lot to increase the possible usage of this parameter. I will for sure still allow an environment variable too like OAUTH_CA or OAUTH_CA_FILE, just because environment variable for these parameters is widely used, just like in curl[1] has cacert_file and support for CURL_CA_BUNDLE, both options make sure that users may not be limited. I already worked a patch (before this one) to add an option to pass the CA but I discarded that because I didn't thought it was going to be accepted, I can rework that with all the ideas, but, what do you think about creating a wiki page with all the ideas to manage the certificates? probably the CA will require to also add some skip or insecure options, full bundles and how to build them, etc. Regards! [1] https://curl.se/docs/sslcerts.html -- Jonathan Gonzalez V. <[email protected]> EnterpriseDB
