Hello! On Tue, 2026-01-06 at 08:28 -0800, Jacob Champion wrote: > On Tue, Jan 6, 2026 at 12:45 AM Jonathan Gonzalez V. > <[email protected]> wrote: > > I will for sure still allow an environment variable too like > > OAUTH_CA > > or OAUTH_CA_FILE, just because environment variable for these > > parameters is widely used, just like in curl[1] has cacert_file and > > support for CURL_CA_BUNDLE, both options make sure that users may > > not > > be limited. > > Right -- I hadn't meant that you should remove the PGOAUTHCAFILE > envvar from your patch, just that an oauth_ca_file parameter should > be > added as well.
Haaa ok! I totally misunderstood, I'll add that option! makes totally send to me! > > > > probably the CA will require to also add some skip or > > insecure options, full bundles and how to build them, etc. > > I'm not quite sure what you mean by these, but it might be easier to > read the wiki page you had in mind and comment on that. Ok! I'll try to add some stuff related to certificates in general, no just the CA and everything, because it could be really confusing to anyone how to user and generate the certificates, even with a known CA it's not an easy task, and with OAuth adding more certificates can be even more complicated. Thank you!! -- Jonathan Gonzalez V. <[email protected]> EnterpriseDB
