added the cert bundle for facebook http things

app/models/app_config.rb

@@ -37,6 +37,24 @@ HELP
 
     super
     
+    if self[:ca_file].blank? && Rails.env.development?
+      OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 
+    end
+
+    if no_cert_file_in_prod?
+      $stderr.puts <<-HELP
+******** Diaspora does not know where your SSL-CA-Certificates file is. **********
+  Please add the root certificate bundle (this is operating system specific) to application.yml. Defaults:
+    CentOS: '/etc/pki/tls/certs/ca-bundle.crt'
+    Debian: '/etc/ssl/certs/ca-certificates.crt'
+
+  Example:
+    ca_file: '/etc/ssl/certs/ca-certificates.crt'
+******** Thanks for being secure! **********
+HELP
+      Process.exit(1)
+    end
+
     normalize_pod_url
     normalize_admins
   end
@@ -49,6 +67,10 @@ HELP
     !File.exists?(@source)
   end
 
+  def self.no_cert_file_in_prod?
+    (Rails.env == "production") && !File.exists?(self[:ca_file])
+  end
+
   def self.have_old_config_file?
     File.exists?(File.join(Rails.root, "config", "app.yml")) || (File.exists?(File.join(Rails.root, "config", "app_config.yml")))
   end
@@ -94,4 +116,4 @@ HELP
     end
     return @@pod_uri
   end
-end
+end

app/models/services/facebook.rb

@@ -9,7 +9,7 @@ class Services::Facebook < Service
     Rails.logger.debug("event=post_to_service type=facebook sender_id=#{self.user_id}")
     message = public_message(post, url)
     begin
-      RestClient.post("https://graph.facebook.com/me/feed", :message => message, :access_token => self.access_token)
+      Faraday.post("https://graph.facebook.com/me/feed", :message => message, :access_token => self.access_token)
     rescue Exception => e
       Rails.logger.info("#{e.message} failed to post to facebook")
     end
@@ -39,7 +39,7 @@ class Services::Facebook < Service
 
   def save_friends
     url = "https://graph.facebook.com/me/friends?fields[]=name&fields[]=picture&access_token=#{URI.escape(self.access_token)}"
-    response = RestClient.get(url)
+    response = Faraday.get(url)
     data = JSON.parse(response.body)['data']
     data.each{ |p|
       ServiceUser.find_or_create_by_service_id_and_uid(:service_id => self.id, :name => p["name"],

config/application.yml.example

@@ -127,6 +127,7 @@ defaults: &defaults
   # Set this to true if you want to do everything synchronously instead of using resque, our redis-backed queue system.
   single_process_mode: true
 
+
 # Use this section to override default settings in specific environments
 development:
   <<: *defaults
@@ -136,6 +137,11 @@ production:
   <<: *defaults
   single_process_mode: false
 
+  # Setting the root certificate bundle (this is operating system specific). Defaults:
+  # CentOS: '/etc/pki/tls/certs/ca-bundle.crt'
+  # Debian: '/etc/ssl/certs/ca-certificates.crt'
+  ca_file: '/etc/pki/tls/certs/ca-bundle.crt'
+
 # Do not touch unless you know what you're doing
 test:
   <<: *defaults

config/initializers/faraday.rb

@@ -0,0 +1,5 @@
+#   Copyright (c) 2011, Diaspora Inc.  This file is
+#   licensed under the Affero General Public License version 3 or later.  See
+#   the COPYRIGHT file.
+
+Faraday.default_connection = Faraday::Connection.new( :ssl => {:ca_file => AppConfig[:ca_file]} )

config/initializers/omniauth.rb

@@ -10,6 +10,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     provider :tumblr, SERVICES['tumblr']['consumer_key'], SERVICES['tumblr']['consumer_secret']
   end
   if SERVICES['facebook'] && SERVICES['facebook']['app_id'] && SERVICES['facebook']['app_secret']
-    provider :facebook, SERVICES['facebook']['app_id'], SERVICES['facebook']['app_secret'], :scope => "publish_stream,email,offline_access"
+    provider :facebook, SERVICES['facebook']['app_id'], SERVICES['facebook']['app_secret'],  { :scope => "publish_stream,email,offline_access",
+                                                                                               :client_options => {:ssl => {:ca_file => AppConfig[:ca_file]}}}
   end
 end