From 0b4a74de5b136873ad2699846e664644c466aae6 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Fri, 22 Sep 2017 19:03:22 +0530
Subject: [PATCH 1/7] Update Makefile
---
 Makefile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Makefile b/Makefile
index 0bf1d1464784..edb882565a48 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,8 @@ dev: fmtcheck prep
 @CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 dev-dynamic: prep
 @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
+dev-strip: fmtcheck prep
+ @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 VAULT_STRIP_BINARIES=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 # test runs the unit tests and vets the code
 test: fmtcheck prep
From 4325f41642de1dda06b4aae9ed680bc6cf46b417 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Fri, 22 Sep 2017 19:07:14 +0530
Subject: [PATCH 2/7] Update build.sh
---
 scripts/build.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/build.sh b/scripts/build.sh
index 6a1cb51f6d1f..b794c677339d 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -43,11 +43,15 @@ if [ "${VAULT_DEV_BUILD}x" != "x" ]; then
 XC_OSARCH=$(go env GOOS)/$(go env GOARCH)
 fi
+if [[ "${VAULT_STRIP_BINARIES}x" != "x" ]]; then
+ LD_FLAGS="-s -w "
+fi
+
 # Build!
 echo "==> Building..."
 gox \
 -osarch="${XC_OSARCH}" \
- -ldflags "-X github.com/hashicorp/vault/version.GitCommit='${GIT_COMMIT}${GIT_DIRTY}'" \
+ -ldflags "${LD_FLAGS}-X github.com/hashicorp/vault/version.GitCommit='${GIT_COMMIT}${GIT_DIRTY}'" \
 -output "pkg/{{.OS}}_{{.Arch}}/vault" \
 -tags="${BUILD_TAGS}" \
 .
From 8d8b74f1fd11fe64e6051992fef5110f74ecbc18 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Sat, 23 Sep 2017 16:47:09 +0530
Subject: [PATCH 3/7] Reverted back strip vault binary changes
---
 Makefile | 2 --
 1 file changed, 2 deletions(-)
diff --git a/Makefile b/Makefile
index edb882565a48..0bf1d1464784 100644
--- a/Makefile
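Review bot: In scripts/build.sh (PATCH 2/7), `LD_FLAGS` is assigned only when `VAULT_STRIP_BINARIES` is set, so in every other build `${LD_FLAGS}` expands to whatever the invoking environment happens to export, and it is pasted directly in front of `-X` with no separator of its own. Linker flags that arrive implicitly from the environment make a release build harder to reproduce and audit; initialise the variable before the test with `LD_FLAGS=""` and put the separating space in the gox `-ldflags` string rather than inside the value. The new test also uses `[[ ... ]]` while the neighbouring check shown in the hunk header uses `[ ... ]`; the script's interpreter line is outside the hunk, so matching the existing form, `if [ "${VAULT_STRIP_BINARIES}x" != "x" ]; then`, is the safer choice.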
+++ b/Makefile
@@ -21,8 +21,6 @@ dev: fmtcheck prep
 @CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 dev-dynamic: prep
 @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
-dev-strip: fmtcheck prep
- @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 VAULT_STRIP_BINARIES=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 # test runs the unit tests and vets the code
 test: fmtcheck prep
From a3d3005f55e3e31d9af8891aee0701e88a63c7d4 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Mon, 25 Sep 2017 12:02:43 +0530
Subject: [PATCH 4/7] Update build.sh - Add comment for the changes made
---
 scripts/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/build.sh b/scripts/build.sh
index b794c677339d..a584a6d25f74 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -42,7 +42,7 @@ if [ "${VAULT_DEV_BUILD}x" != "x" ]; then
 XC_ARCH=$(go env GOARCH)
 XC_OSARCH=$(go env GOOS)/$(go env GOARCH)
 fi
-
+# If VAULT_STRIP_BINARIES env variable is set, then remove symbols from vault binary.
 if [[ "${VAULT_STRIP_BINARIES}x" != "x" ]]; then
 LD_FLAGS="-s -w "
 fi
From 82f1694365d526d8c9ed6a391559e0eb7f463ea7 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Wed, 8 Nov 2017 18:19:33 +0530
Subject: [PATCH 5/7] Remove VAULT_STRIP_BINARIES check LD_FLAGS can be used as environment variable
---
 scripts/build.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/scripts/build.sh b/scripts/build.sh
index 287aafdb26f1..35596244b68f 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -42,10 +42,6 @@ if [ "${VAULT_DEV_BUILD}x" != "x" ]; then
 XC_ARCH=$(go env GOARCH)
 XC_OSARCH=$(go env GOOS)/$(go env GOARCH)
 fi
-# If VAULT_STRIP_BINARIES env variable is set, then remove symbols from vault binary.
-if [[ "${VAULT_STRIP_BINARIES}x" != "x" ]]; then
- LD_FLAGS+=" -s -w "
-fi
 # Build!
 echo "==> Building..."
From e76f498b26c6e62bd35c75e1395a7cd54af35bc2 Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Wed, 28 Feb 2018 19:48:21 +0530
Subject: [PATCH 6/7] Update listener.go
---
 command/server/listener.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/command/server/listener.go b/command/server/listener.go
index be83cba956d7..6b429d751ed4 100644
--- a/command/server/listener.go
+++ b/command/server/listener.go
@@ -161,7 +161,12 @@ func listenerWrapTLS(
 if disableClientCerts && requireVerifyCerts {
 return nil, nil, nil, fmt.Errorf("'tls_disable_client_certs' and 'tls_require_and_verify_client_cert' are mutually exclusive")
 }
- tlsConf.ClientAuth = tls.NoClientCert
+ if disableClientCerts {
+ tlsConf.ClientAuth = tls.NoClientCert
+ }
+ if !disableClientCerts {
+ tlsConf.ClientAuth = tls.VerifyClientCertIfGiven
+ }
 }
 ln = tls.NewListener(ln, tlsConf)
From 38c71635945e708e8162808d87068ecf30e1e0ce Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Wed, 28 Feb 2018 20:33:55 +0530
Subject: [PATCH 7/7] Set TLS Client Auth to NoClientCert, only when tls_disable_client_certs is set to true.
---
 command/server/listener.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/command/server/listener.go b/command/server/listener.go
index b475fa8ae4c7..f820320bc168 100644
--- a/command/server/listener.go
+++ b/command/server/listener.go
@@ -180,9 +180,6 @@ PASSPHRASECORRECT:
 if disableClientCerts {
 tlsConf.ClientAuth = tls.NoClientCert
 }
- if !disableClientCerts {
- tlsConf.ClientAuth = tls.VerifyClientCertIfGiven
- }
 }
 ln = tls.NewListener(ln, tlsConf)
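Review bot: In command/server/listener.go (PATCH 6/7), the added `if !disableClientCerts` branch assigns `tls.VerifyClientCertIfGiven` without looking at `requireVerifyCerts`, and the exclusivity check above it only rejects disable=true together with require=true. If listenerWrapTLS sets a stricter `ClientAuth` for `tls_require_and_verify_client_cert` earlier in the function (that part is outside the hunk), a config with `tls_disable_client_certs = false` overwrites it and the listener would accept clients that present no certificate. Either drop the second branch or guard it, `if !disableClientCerts && !requireVerifyCerts {`. PATCH 7/7 removes the branch again, so squashing the two commits would keep the weaker setting out of any bisectable revision; a table test over the combinations of the two options would pin the intended `ClientAuth` value.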