From b709bc9686844f524fc2f178e1d1895f7335b1bc Mon Sep 17 00:00:00 2001
From: Jesse Goerz <jesse.goerz@plansource.com>
Date: Wed, 16 Jan 2019 10:37:57 -0500
Subject: [PATCH 1/2] Add configuration of ssl cert store

Workaround for httpclient issue: nahi/httpclient/issues/369
---
 lib/rack/oauth2/client.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/rack/oauth2/client.rb b/lib/rack/oauth2/client.rb
index 68dfd2e..26328e9 100644
--- a/lib/rack/oauth2/client.rb
+++ b/lib/rack/oauth2/client.rb
@@ -3,7 +3,7 @@ module OAuth2
     class Client
       include AttrRequired, AttrOptional
       attr_required :identifier
-      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
+      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint, :ssl_cert_file_or_dir
 
       def initialize(attributes = {})
         (required_attributes + optional_attributes).each do |key|
@@ -70,7 +70,9 @@ def force_token_type!(token_type)
 
       def access_token!(*args)
         headers, params = {}, @grant.as_json
+
         http_client = Rack::OAuth2.http_client
+        http_client.ssl_config.add_trust_ca(ssl_cert_file_or_dir) if ssl_cert_file_or_dir
 
         # NOTE:
         #  Using Array#estract_options! for backward compatibility.

From 45ad3e6b5b92a1b965e0c1186905a7dacd310894 Mon Sep 17 00:00:00 2001
From: Jesse Goerz <jesse.goerz@plansource.com>
Date: Wed, 16 Jan 2019 10:43:24 -0500
Subject: [PATCH 2/2] Add option to use system ssl defaults

---
 lib/rack/oauth2/client.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/rack/oauth2/client.rb b/lib/rack/oauth2/client.rb
index 26328e9..5931dad 100644
--- a/lib/rack/oauth2/client.rb
+++ b/lib/rack/oauth2/client.rb
@@ -3,7 +3,7 @@ module OAuth2
     class Client
       include AttrRequired, AttrOptional
       attr_required :identifier
-      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint, :ssl_cert_file_or_dir
+      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint, :ssl_cert_file_or_dir, :use_system_ssl
 
       def initialize(attributes = {})
         (required_attributes + optional_attributes).each do |key|
@@ -72,6 +72,7 @@ def access_token!(*args)
         headers, params = {}, @grant.as_json
 
         http_client = Rack::OAuth2.http_client
+        http_client.ssl_config.set_default_paths if use_system_ssl
         http_client.ssl_config.add_trust_ca(ssl_cert_file_or_dir) if ssl_cert_file_or_dir
 
         # NOTE: