Installation of a diaspora pod for OpenBSD 5.4 went rather smoothly, considering the fact that there are still no instructions on the Diaspora Foundation wiki. I skimmed through the instructions for FreeBSD, tried (and gave up on) PostgreSQL and installed with the MySQL backend, following the rather simple installation text.
On creation of the first few accounts, a “500 server error” would pop up, but the accounts were accessible immediately after a reload of the front page. At first I thought this was a sign that diaspora’s code is still in its infancy, but I was wrong – it was my admin skills that are slowly degenerating: once I reckoned it had to be my mistake, the logs proved that WEBrick wasn’t able to communicate with Redis over a UNIX socket. I changed the connection type to TCP, and the “500 error” was gone.
Adding contacts from another pod was yet another problem. The logs showed that my pod had no trust in the other pod’s SSL certs, and kind people on the #diaspora channel at irc.freenode.net explained to me that ‘certificate_authorities’ in config/diaspora.yml should point to a CA cert that people can trust, and my self-signed cert isn’t one of those.
Install p5-Mozilla-CA for OpenBSD and point your ‘certificate_authorities’ at the CA bundle it installs, and you’ll be able to communicate with those who use ‘official’ [sic!] certificates to sign their communications.
Since a cert authority file is not a binary, but a text file, would it work if I simply add another self-signed cert on top of the existing ones, in my CA.pem, and the peer does the same? Probably! I am currently looking for a partner in such a ‘crime’, to test the solutions we can come up with regarding the self-signed certificates. Finally, I concatenated my server.crt to Mozilla’s, in the hope that it might work. I’ll happily write down the findings here, once I have more on this… annoying bug.
For those willing to try, the cert is here:
Add it to your CA.crt, search for “firstname.lastname@example.org” and let me know if it worked. If your pod has the self-signed cert, like diaspora.simulakrum.org, remember that I have to add that key to my CA.crt, too, in order to try the workaround.
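
The workaround above can be checked locally before involving a second pod. This is an added example, not part of the original post: it assumes the `openssl` command-line tool, uses constructed host and file names, and a throwaway cert stands in for Mozilla's bundle. It shows only what `openssl verify` accepts, not how diaspora itself reads ‘certificate_authorities’.

```shell
#!/bin/sh
# Added example. Host names and file names are constructed for the demo.

# make_selfsigned CN PREFIX: throwaway self-signed cert (PREFIX.crt) and key
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# is_trusted BUNDLE CERT: true only if CERT verifies against BUNDLE
is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# count_certs BUNDLE: number of PEM certificates in the file
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# add_to_bundle BUNDLE CERT: append CERT unless the bundle already trusts it
add_to_bundle() {
    is_trusted "$1" "$2" && return 0
    # A bundle without a final newline would glue END and BEGIN lines together
    [ -n "$(tail -c 1 "$1")" ] && echo >> "$1"
    # Re-encode so only the certificate (no key, no stray text) is appended
    openssl x509 -in "$2" -outform PEM >> "$1"
}

# demo: two pods, each with a self-signed cert and a copy of a stand-in bundle
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "stand-in-root.example" "$d/root"   # stands in for Mozilla's bundle
    make_selfsigned "pod-a.example" "$d/a"
    make_selfsigned "pod-b.example" "$d/b"
    cp "$d/root.crt" "$d/ca-a.pem"; cp "$d/root.crt" "$d/ca-b.pem"
    is_trusted "$d/ca-a.pem" "$d/b.crt" && return 1     # before: pod A rejects pod B
    add_to_bundle "$d/ca-a.pem" "$d/b.crt"              # pod A adds pod B's cert
    add_to_bundle "$d/ca-b.pem" "$d/a.crt"              # pod B adds pod A's cert
    add_to_bundle "$d/ca-a.pem" "$d/b.crt"              # second run is a no-op
    is_trusted "$d/ca-a.pem" "$d/b.crt" || return 1
    is_trusted "$d/ca-b.pem" "$d/a.crt" || return 1
    [ "$(count_certs "$d/ca-a.pem")" -eq 2 ] || return 1
    rm -rf "$d"
}

demo && echo "both pods now verify each other's self-signed cert"
```

Each cert added this way is trusted on its own, outside any CA, so it has to be removed from the bundle by hand when the peer replaces or retires it.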