Re: [oauth] Split and extend PGOAUTHDEBUG - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: [oauth] Split and extend PGOAUTHDEBUG
Msg-id CAOYmi+k_et3yXpJ8op71-95j7OYg-kX5bWLgW9YTV_5G7f+O1A@mail.gmail.com
In response to [oauth] Split and extend PGOAUTHDEBUG  (Zsolt Parragi <zsolt.parragi@percona.com>)
Responses Re: [oauth] Split and extend PGOAUTHDEBUG
List pgsql-hackers
On Wed, Feb 18, 2026 at 7:08 AM Zsolt Parragi <zsolt.parragi@percona.com> wrote:
> 1 is the same patch I already sent as part of the PGOAUTHCAFILE
> discussion[1], rebased on the current master: it splits
> PGOAUTHDEBUG=UNSAFE into separate unsafe/safe settings which users can
> toggle one by one.
>
> 2 is a new unsafe setting issuer-mismatch, which allows a connection
> to continue if the client and server issuers don't match. While this
> isn't useful for end users, it makes testing validators easier, as
> validator authors should be able to verify that mismatched
> configurations are rejected properly by the validator.

v2, attached, rebases this over 993368113. The big change is the
removal of `custom-ca`; there were a couple of other tweaks to get
both commits compiling independently.

--Jacob
