On Tue, Jan 6, 2026 at 12:45 AM Jonathan Gonzalez V.
<[email protected]> wrote:
> I will for sure still allow an environment variable too like OAUTH_CA
> or OAUTH_CA_FILE, just because environment variable for these
> parameters is widely used, just like in curl[1] has cacert_file and
> support for CURL_CA_BUNDLE, both options make sure that users may not
> be limited.
Right -- I hadn't meant that you should remove the PGOAUTHCAFILE
envvar from your patch, just that an oauth_ca_file parameter should be
added as well.
> I already worked a patch (before this one) to add an option to pass the
> CA but I discarded that because I didn't thought it was going to be
> accepted, I can rework that with all the ideas, but, what do you think
> about creating a wiki page with all the ideas to manage the
> certificates?
You're more than welcome to add any wiki pages you think would be
useful -- you certainly don't need my permission :D
If you don't have edit access yet, see
https://wiki.postgresql.org/wiki/WikiEditing
> probably the CA will require to also add some skip or
> insecure options, full bundles and how to build them, etc.
I'm not quite sure what you mean by these, but it might be easier to
read the wiki page you had in mind and comment on that.
Thanks!
--Jacob
