| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [oauth] Split and extend PGOAUTHDEBUG |
| Date: | 2026-03-30 21:41:38 |
| Message-ID: | CAOYmi+k_et3yXpJ8op71-95j7OYg-kX5bWLgW9YTV_5G7f+O1A@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Feb 18, 2026 at 7:08 AM Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> wrote:
> 1 is the same patch I already sent as part of the PGOAUTHCAFILE
> discussion[1], rebased on the current master: it splits
> PGOAUTHDEBUG=UNSAFE into separate unsafe/safe settings which users can
> toggle one by one.
>
> 2 is a new unsafe setting issuer-mismatch, which allows a connection
> to continue if the client and server issuers don't match. While this
> isn't useful for end users, it makes testing validators easier, as
> validators authors should be able to verify that mismatched
> configurations are rejected properly by the validator.
v2, attached, rebases this over 993368113. The big change is the
removal of `custom-ca`; there were a couple of other tweaks to get
both commits compiling independently.
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| since-v1.nocfbot.diff | application/octet-stream | 14.2 KB |
| v2-0001-Split-PGOAUTHDEBUG-UNSAFE-into-multiple-options.patch | application/octet-stream | 19.4 KB |
| v2-0002-Add-new-PGOAUTHDEBUG-option-issuer-mismatch.patch | application/octet-stream | 7.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zsolt Parragi | 2026-03-30 21:46:34 | Re: Custom oauth validator options |
| Previous Message | Jacob Champion | 2026-03-30 21:33:29 | Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode |