From 4a207ed785cecc15e8b20f34f9acd6094634fa30 Mon Sep 17 00:00:00 2001
From: nov <nov@matake.jp>
Date: Fri, 1 Oct 2021 11:25:26 +0900
Subject: [PATCH] stop using httpclient's root cert set.

ref.) https://github.com/nahi/httpclient/issues/445
---
 lib/rack/oauth2.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/rack/oauth2.rb b/lib/rack/oauth2.rb
index caa86173..4a2a33b4 100644
--- a/lib/rack/oauth2.rb
+++ b/lib/rack/oauth2.rb
@@ -43,6 +43,11 @@ def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_confi
       _http_client_ = HTTPClient.new(
         agent_name: agent_name
       )
+
+      # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
+      _http_client_.ssl_config.clear_cert_store
+      _http_client_.ssl_config.cert_store.set_default_paths
+
       http_config.try(:call, _http_client_)
       local_http_config.try(:call, _http_client_) unless local_http_config.nil?
       _http_client_.request_filter << Debugger::RequestFilter.new if debugging?