From cdeca4ed926d4616d0be42c6bcddd8b9b6dd7074 Mon Sep 17 00:00:00 2001 From: Andrew Stuart Date: Wed, 9 Dec 2015 14:55:03 -0700 Subject: [PATCH 1/6] Remove flag check before trying pkcs8 parsing. --- helper/certutil/types.go | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/helper/certutil/types.go b/helper/certutil/types.go index d25a7de85..2b5c852a9 100644 --- a/helper/certutil/types.go +++ b/helper/certutil/types.go @@ -248,18 +248,12 @@ func (p *ParsedCertBundle) getSigner() (crypto.Signer, error) { return nil, UserError{"Given parsed cert bundle does not have private key information"} } - if p.PKCS8 { - if k, err := x509.ParsePKCS8PrivateKey(p.PrivateKeyBytes); err == nil { - switch k := k.(type) { - case *rsa.PrivateKey: - return k, nil - case *ecdsa.PrivateKey: - return k, nil - default: - return nil, UserError{fmt.Sprintf("Unable to determine pkcs8 key type")} - } - } else { - return nil, UserError{fmt.Sprintf("Error decoding pkcs8: %v", err)} + if k, err := x509.ParsePKCS8PrivateKey(p.PrivateKeyBytes); err == nil { + switch k := k.(type) { + case *rsa.PrivateKey: + return k, nil + case *ecdsa.PrivateKey: + return k, nil } } From e25b3ad34473690bea42880c8cc3b4ca4d0aa693 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 10 Dec 2015 10:26:40 -0500 Subject: [PATCH 2/6] Update documentation to be consistent with return codes Fixes #831 --- CHANGELOG.md | 2 +- api/SPEC.md | 2 +- website/source/docs/http/index.html.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2b47571e..d2b714394 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -121,7 +121,7 @@ generate them, leading to client errors. MISC: * Various documentation fixes and improvements [GH-685] [GH-688] [GH-697] - [GH-710] [GH-715] + [GH-710] [GH-715] [GH-831] ## 0.3.1 (October 6, 2015) diff --git a/api/SPEC.md b/api/SPEC.md index e73683e5b..15345f390 100644 --- a/api/SPEC.md +++ b/api/SPEC.md 
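Review bot: The new `switch k := k.(type)` in getSigner has no `default` case, so a key that parses as PKCS#8 but is neither `*rsa.PrivateKey` nor `*ecdsa.PrivateKey` now falls through silently instead of returning the old "Unable to determine pkcs8 key type" error. Those bytes are valid PKCS#8, so whatever parsing follows (outside this hunk) will presumably reject them with a less accurate message; keeping `default: return nil, UserError{"Unable to determine pkcs8 key type"}` would preserve the precise diagnosis. The parse error is also discarded without explanation, and a comment such as `// Try PKCS#8 first regardless of p.PKCS8; on error fall through to the type-specific parsers below` would make that intent explicit. The hunk shows no check that the returned key's type matches the type the bundle declares, which is worth confirming in the rest of the function. getSigner starts before and continues after this hunk.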
@@ -87,7 +87,7 @@ The following HTTP status codes are used throughout the API. - `200` - Success with data. - `204` - Success, no data returned. - `400` - Invalid request, missing or invalid data. -- `401` - Unauthorized, your authentication details are either +- `403` - Forbidden, your authentication details are either incorrect or you don't have access to this feature. - `404` - Invalid path. This can both mean that the path truly doesn't exist or that you don't have permission to view a diff --git a/website/source/docs/http/index.html.md b/website/source/docs/http/index.html.md index 19064b63f..0c180774d 100644 --- a/website/source/docs/http/index.html.md +++ b/website/source/docs/http/index.html.md @@ -133,7 +133,7 @@ The following HTTP status codes are used throughout the API. - `204` - Success, no data returned. - `400` - Invalid request, missing or invalid data. See the "validation" section for more details on the error response. -- `401` - Unauthorized, your authentication details are either +- `403` - Forbidden, your authentication details are either incorrect or you don't have access to this feature. - `404` - Invalid path. This can both mean that the path truly doesn't exist or that you don't have permission to view a From 5f1f95fc06ff09136a4a262a157b6ef0d2b3ed28 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 10 Dec 2015 11:55:40 -0500 Subject: [PATCH 3/6] Add check for DOCKER_CROSS_IMAGE in dist script --- scripts/dist.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/dist.sh b/scripts/dist.sh index cf5531b13..9e428b125 100755 --- a/scripts/dist.sh +++ b/scripts/dist.sh 
@@ -14,6 +14,11 @@ if ([ -z $AWS_ACCESS_KEY_ID ] || [ -z $AWS_SECRET_ACCESS_KEY ]) && [ ! -z $HC_RE exit 1 fi +if [ -z $NOBUILD ] && [ -z $DOCKER_CROSS_IMAGE ]; then + echo "Please set the Docker cross-compile image in DOCKER_CROSS_IMAGE" + exit 1 +fi + # Get the parent directory of where this script is. SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done From 016e0dd0f38804725fbebf4eb4e689d614854086 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 10 Dec 2015 12:49:58 -0500 Subject: [PATCH 4/6] Bump website version --- website/config.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/config.rb b/website/config.rb index 550e7e1e8..fdf880ee5 100644 --- a/website/config.rb +++ b/website/config.rb @@ -2,7 +2,7 @@ set :base_url, "https://www.vaultproject.io/" activate :hashicorp do |h| h.name = "vault" - h.version = "0.3.1" + h.version = "0.4.0" h.github_slug = "hashicorp/vault" h.website_root = "website" From 889245c99073c1bdba17f271a7ee3d2f751ea376 Mon Sep 17 00:00:00 2001 From: Andrew Stuart Date: Thu, 10 Dec 2015 16:33:42 -0700 Subject: [PATCH 6/6] Remove debugging print statement in compareCertBundleToParsedCertBundle --- helper/certutil/certutil_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/helper/certutil/certutil_test.go b/helper/certutil/certutil_test.go index 2d03a42c1..0673bfc26 100644 --- a/helper/certutil/certutil_test.go +++ b/helper/certutil/certutil_test.go @@ -4,7 +4,6 @@ import ( "bytes" "encoding/json" "fmt" - "log" "strings" "testing" @@ -158,7 +157,6 @@ func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBund return fmt.Errorf("Bundle has wrong private key type") } if cb.PrivateKey != privRSAKeyPem && cb.PrivateKey != privRSA8KeyPem { - log.Println(cb.PrivateKey, privRSAKeyPem, privRSA8KeyPem) return fmt.Errorf("Bundle private key does not match") } case "ec":
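Review bot: The added test `[ -z $NOBUILD ] && [ -z $DOCKER_CROSS_IMAGE ]` expands both variables unquoted, so a value containing whitespace or glob characters makes `[` fail with an argument error and the guard is skipped rather than evaluated. `if [ -z "$NOBUILD" ] && [ -z "$DOCKER_CROSS_IMAGE" ]; then` avoids that. The message could go to stderr with `>&2`, since the script exits non-zero right after it. This image builds the release artifacts, and the check only confirms the variable is non-empty, so a comment stating that a trusted, digest-pinned image reference is expected would help whoever runs the script. The place where the variable is consumed is outside this hunk.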