Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode

Hello!

On Tue, 2026-01-06 at 08:28 -0800, Jacob Champion wrote:
> On Tue, Jan 6, 2026 at 12:45 AM Jonathan Gonzalez V.
> <jonathan(dot)abdiel(at)gmail(dot)com> wrote:
> > I will for sure still allow an environment variable too like
> > OAUTH_CA
> > or OAUTH_CA_FILE, just because environment variable for these
> > parameters is widely used, just like in curl[1] has cacert_file and
> > support for CURL_CA_BUNDLE, both options make sure that users may
> > not
> > be limited.
>
> Right -- I hadn't meant that you should remove the PGOAUTHCAFILE
> envvar from your patch, just that an oauth_ca_file parameter should
> be
> added as well.

Haaa ok! I totally misunderstood, I'll add that option! makes totally
send to me!

>
>
> > probably the CA will require to also add some skip or
> > insecure options, full bundles and how to build them, etc.
>
> I'm not quite sure what you mean by these, but it might be easier to
> read the wiki page you had in mind and comment on that.

Ok! I'll try to add some stuff related to certificates in general, no
just the CA and everything, because it could be really confusing to
anyone how to user and generate the certificates, even with a known CA
it's not an easy task, and with OAuth adding more certificates can be
even more complicated.

Thank you!!

--
Jonathan Gonzalez V. <jonathan(dot)abdiel(at)gmail(dot)com>
EnterpriseDB