From 4f53fe897a219436c3342a948e7738634027f4b3 Mon Sep 17 00:00:00 2001
From: Kyle Havlovitz
Date: Fri, 18 Jan 2019 09:58:01 -0800
Subject: [PATCH 1/2] oss: add the enterprise server stub for intention replication check

---
 agent/consul/enterprise_server_oss.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_oss.go
index 84b49403b..8064e6b38 100644
--- a/agent/consul/enterprise_server_oss.go
+++ b/agent/consul/enterprise_server_oss.go
@@ -30,3 +30,7 @@ func (s *Server) handleEnterpriseRPCConn(rtype pool.RPCType, conn net.Conn, isTL
 func (s *Server) enterpriseStats() map[string]map[string]string {
 return nil
 }
+
+func (s *Server) intentionReplicationEnabled() bool {
+ return false
+}

From 5a5436380b29fdee5c3f5ea23a3792b46f9b574d Mon Sep 17 00:00:00 2001
From: Kyle Havlovitz
Date: Tue, 22 Jan 2019 11:15:09 -0800
Subject: [PATCH 2/2] connect/ca: return a better error message if the CA isn't fully initialized when signing

---
 agent/connect/ca/provider_consul.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index 8971d5cd9..d82eb53bc 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -328,6 +328,9 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
 if err != nil {
 return "", err
 }
+ if providerState.PrivateKey == "" {
+ return "", ErrNotInitialized
+ }

 // Create the keyId for the cert from the signing private key.
 signer, err := connect.ParseSigner(providerState.PrivateKey)
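Review bot: `intentionReplicationEnabled` in agent/consul/enterprise_server_oss.go is added without a doc comment, so a reader at a call site cannot tell that `false` is the fixed answer of this build rather than a computed one. A one-line comment would do, for example `// intentionReplicationEnabled always reports false in the OSS build; the enterprise build is expected to supply its own implementation.` The caller that consults this check is not part of this patch, so what it skips when the result is false cannot be confirmed from here.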
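Review bot: The new guard in `Sign` (agent/connect/ca/provider_consul.go) tests only `providerState.PrivateKey`, so a state that holds a key but not yet a root certificate would, if the rest of `Sign` parses the root, still fail with a low-level parse error instead of `ErrNotInitialized`. The remainder of `Sign` lies outside the hunk, so this is inferred; if it does read the root, widen the check to `if providerState.PrivateKey == "" || providerState.RootCert == "" {`. `ErrNotInitialized` is not declared in this patch and is presumably an existing package-level sentinel; a comment above the guard such as `// An empty key means the CA state exists but bootstrap has not finished; refuse to sign.` would record why the check is there. Any other method of this provider that hands `providerState.PrivateKey` to `connect.ParseSigner` would want the same guard.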
@@ -623,9 +626,9 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
 serialNum := &big.Int{}
 serialNum.SetUint64(sn)
 template := x509.Certificate{
- SerialNumber: serialNum,
- Subject: pkix.Name{CommonName: name},
- URIs: []*url.URL{id.URI()},
+ SerialNumber: serialNum,
+ Subject: pkix.Name{CommonName: name},
+ URIs: []*url.URL{id.URI()},
 BasicConstraintsValid: true,
 KeyUsage: x509.KeyUsageCertSign |
 x509.KeyUsageCRLSign |