From 72eb82b6872a135673aae5fc0cd2359e67687165 Mon Sep 17 00:00:00 2001
From: Johan Thomsen <jth@dbc.dk>
Date: Fri, 24 Aug 2018 11:54:21 +0200
Subject: [PATCH] certmgr: Add patch for optional trust of self-signed
 certificates at remote cfssl apiserver

---
 pkgs/tools/security/certmgr/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix
index fa3076e8b593..28cdcfdad084 100644
--- a/pkgs/tools/security/certmgr/default.nix
+++ b/pkgs/tools/security/certmgr/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildGoPackage, fetchFromGitHub }:
+{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
 
 buildGoPackage rec {
   version = "1.6.1";
@@ -13,6 +13,16 @@ buildGoPackage rec {
     sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
   };
 
+  # The following patch makes it possible to use a self-signed x509 cert
+  # for the cfssl apiserver.
+  # TODO: remove patch when PR is merged.
+  patches = [
+    (fetchpatch {
+      url    = "https://github.com/cloudflare/certmgr/pull/51.patch";
+      sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
+    })
+  ];
+
   meta = with stdenv.lib; {
     homepage = https://cfssl.org/;
     description = "Cloudflare's certificate manager";