On Wed, Feb 18, 2026 at 7:08 AM Zsolt Parragi <[email protected]> wrote: > 1 is the same patch I already sent as part of the PGOAUTHCAFILE > discussion[1], rebased on the current master: it splits > PGOAUTHDEBUG=UNSAFE into separate unsafe/safe settings which users can > toggle one by one. > > 2 is a new unsafe setting issuer-mismatch, which allows a connection > to continue if the client and server issuers don't match. While this > isn't useful for end users, it makes testing validators easier, as > validators authors should be able to verify that mismatched > configurations are rejected properly by the validator.
v2, attached, rebases this over 993368113. The big change is the removal of `custom-ca`; there were a couple of other tweaks to get both commits compiling independently. --Jacob
since-v1.nocfbot.diff
Description: Binary data
v2-0001-Split-PGOAUTHDEBUG-UNSAFE-into-multiple-options.patch
Description: Binary data
v2-0002-Add-new-PGOAUTHDEBUG-option-issuer-mismatch.patch
Description: Binary data
