vault 0.16.0 → 0.18.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46c570463a1aba190e789e5b2516b4140d48961611ff058235d3b9744e6a6b24
-  data.tar.gz: c84a96cf71d9f405281f56629e0fb68a6ce051740ea46da60e35cabf37d8b44e
+  metadata.gz: 476b00af55107f31b54a20b77e1f451aef3d463908a457d7026fe669d0948547
+  data.tar.gz: 0072055306b85967a9a49abc230f2b1d5ed67521378825bfa2d7c849948cbc29
 SHA512:
-  metadata.gz: 98a20e963ec212e2269d1c28b581c24b356495789b4b37b20ebcb829c17904b518fc32f9cd2dadfcd59b957361410e7aa61f88e7ad419d72533d0ac1bd0ec68d
-  data.tar.gz: 35f0126a7e7ba6173662222a9006cd02bc2f78d6d674533546b68ad87420f99b1e26f1f160058b2a051c36a5faac219921ab24191f9165212ddc8f15c440e0a6
+  metadata.gz: 7d0619e6569b4f7ca9543f04545be9aa2bd0fe89c531eac135458b80b51d0d55a2667eae79290a7aecb389a4893d9fb6841505faffe623e056ff50889633490e
+  data.tar.gz: ef620f96b924e63b51deab4021c97d3f1f548722028b41a55a8c9b3f5beca930369b2a7c6f7f3c5b561f4dfc98fd6c4b5e3ed66660bdc053aa8b2c4af316a439

data/CHANGELOG.md

@@ -1,6 +1,27 @@
 # Vault Ruby Changelog
 
-## v0.16.0 (??? ??, 2021)
+## v?.??.? (Unreleased)
+
+## v0.18.1 (September 14, 2023)
+
+BUG FIXES
+
+- Restored the ability to use this gem with older Ruby versions that do not have
+  the `OpenSSL::SSL::TLS1_2_VERSION` constant.
+
+## v0.18.0 (September 14, 2023)
+
+IMPROVEMENTS
+
+- Added support for TLS v1.3 by replacing `ssl_version` with `min_version`.
+
+## v0.17.0 (May 11, 2022)
+
+IMPROVEMENTS
+
+- Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to `#with_retries`, and will also be retried automatically when `#with_retries` is used with no parameters.
+
+## v0.16.0 (March 17, 2021)
 
 IMPROVEMENTS
 

data/LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2015 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions

data/lib/vault/api/approle.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/auth.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"
@@ -286,12 +289,17 @@ module Vault
     # @param [String] path (default: 'cert')
     #   The path to the auth backend to use for the login procedure.
     #
+    # @param [String] name optional
+    #   The named certificate role provided to the login request. 
+    #
     # @return [Secret]
-    def tls(pem = nil, path = 'cert')
+    def tls(pem = nil, path = 'cert', name: nil)
       new_client = client.dup
       new_client.ssl_pem_contents = pem if !pem.nil?
 
-      json = new_client.post("/v1/auth/#{CGI.escape(path)}/login")
+      opts = {}
+      opts[:name] = name if name
+      json = new_client.post("/v1/auth/#{CGI.escape(path)}/login", opts)
       secret = Secret.decode(json)
       client.token = secret.auth.client_token
       return secret
@@ -308,7 +316,7 @@ module Vault
     #
     # @return [String] aws region
     def region_from_sts_endpoint(sts_endpoint)
-      valid_sts_endpoint = %r{https:\/\/sts\.?(.*).amazonaws.com}.match(sts_endpoint)
+      valid_sts_endpoint = %r{https:\/\/sts\.?(.*)\.amazonaws\.com}.match(sts_endpoint)
       raise "Unable to parse STS endpoint #{sts_endpoint}" unless valid_sts_endpoint
       valid_sts_endpoint[1].empty? ? 'us-east-1' : valid_sts_endpoint[1]
     end

data/lib/vault/api/auth_tls.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/auth_token.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 require_relative "secret"

data/lib/vault/api/help.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "../client"
 require_relative "../response"
 

data/lib/vault/api/kv.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "secret"
 require_relative "../client"
 require_relative "../request"

data/lib/vault/api/logical.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "secret"
 require_relative "../client"
 require_relative "../request"

data/lib/vault/api/secret.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "time"
 
 require_relative "../response"

data/lib/vault/api/sys/audit.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/auth.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/health.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/init.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/leader.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class LeaderStatus < Response
     # @!method ha_enabled?

data/lib/vault/api/sys/lease.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Sys
     # Renew a lease with the given ID.

data/lib/vault/api/sys/mount.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault
@@ -23,6 +26,48 @@ module Vault
     field :options
   end
 
+  class MountTune < Response
+    # @!attribute [r] description
+    #   Specifies the description of the mount.
+    #   @return [String]
+    field :description
+
+    # @!attribute [r] default_lease_ttl
+    #   Specifies the default time-to-live.
+    #   @return [Fixnum]
+    field :default_lease_ttl
+
+    # @!attribute [r] max_lease_ttl
+    #   Specifies the maximum time-to-live.
+    #   @return [Fixnum]
+    field :max_lease_ttl
+
+    # @!attribute [r] audit_non_hmac_request_keys
+    #   Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the request data object.
+    #   @return [Array<String>]
+    field :audit_non_hmac_request_keys
+
+    # @!attribute [r] audit_non_hmac_response_keys
+    #   Specifies the comma-separated list of keys that will not be HMAC'd by audit devices in the response data object.
+    #   @return [Array<String>]
+    field :audit_non_hmac_response_keys
+
+    # @!attribute [r] listing_visibility
+    #   Specifies whether to show this mount in the UI-specific listing endpoint.
+    #   @return [String]
+    field :listing_visibility
+
+    # @!attribute [r] passthrough_request_headers
+    #   Comma-separated list of headers to whitelist and pass from the request to the plugin.
+    #   @return [Array<String>]
+    field :passthrough_request_headers
+
+    # @!attribute [r] allowed_response_headers
+    #   Comma-separated list of headers to whitelist, allowing a plugin to include them in the response.
+    #   @return [Array<String>]
+    field :allowed_response_headers
+  end
+
   class Sys < Request
     # List all mounts in the vault.
     #
@@ -57,6 +102,18 @@ module Vault
       return true
     end
 
+    # Get the mount tunings at a given path.
+    #
+    # @example
+    #   Vault.sys.get_mount_tune("pki") #=> { :pki => #<struct Vault::MountTune default_lease_ttl=2764800> }
+    #
+    # @return [MountTune]
+    def get_mount_tune(path)
+      json = client.get("/v1/sys/mounts/#{encode_path(path)}/tune")
+      json = json[:data] if json[:data]
+      return MountTune.decode(json)
+    end
+
     # Tune a mount at the given path.
     #
     # @example

data/lib/vault/api/sys/namespace.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Namespace < Response
     # @!attribute [r] id

data/lib/vault/api/sys/policy.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys/quota.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Quota < Response
     # @!attribute [r] name

data/lib/vault/api/sys/seal.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "json"
 
 module Vault

data/lib/vault/api/sys.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "../client"
 require_relative "../request"
 require_relative "../response"

data/lib/vault/api/transform/alphabet.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/role.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/template.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform/transformation.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../../request'
 require_relative '../../response'
 

data/lib/vault/api/transform.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative '../client'
 require_relative '../request'
 

data/lib/vault/api.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module API
     require_relative "api/approle"

data/lib/vault/client.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "cgi"
 require "json"
 require "uri"
@@ -45,6 +48,7 @@ module Vault
 
       # Failed to reach the server (aka bad URL)
       a << Errno::ECONNREFUSED
+      a << Errno::EADDRNOTAVAIL
 
       # Failed to read body or no response body given
       a << EOFError
@@ -60,10 +64,12 @@ module Vault
       a << PersistentHTTP::Error
     end.freeze
 
-    # Indicates a requested operation is not possible due to security
-    # concerns.
-    class SecurityError < RuntimeError
-    end
+    # Vault requires at least TLS1.2
+    MIN_TLS_VERSION = if defined? OpenSSL::SSL::TLS1_2_VERSION
+                        OpenSSL::SSL::TLS1_2_VERSION
+                      else
+                        "TLSv1_2"
+                      end
 
     include Vault::Configurable
 
@@ -113,8 +119,7 @@ module Vault
 
         @nhp.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-        # Vault requires TLS1.2
-        @nhp.ssl_version = "TLSv1_2"
+        @nhp.min_version = MIN_TLS_VERSION
 
         # Only use secure ciphers
         @nhp.ciphers = ssl_ciphers
@@ -245,10 +250,6 @@ module Vault
         request.basic_auth uri.user, uri.password
       end
 
-      if proxy_address and uri.scheme.downcase == "https"
-        raise SecurityError, "no direct https connection to vault"
-      end
-
       # Get a list of headers
       headers = DEFAULT_HEADERS.merge(headers)
 
@@ -387,17 +388,20 @@ module Vault
     #   the response object from the request
     def error(response)
       if response.body && response.body.match("missing client token")
-        raise MissingTokenError
-      end
-
-      # Use the correct exception class
-      case response
-      when Net::HTTPClientError
+        # Vault 1.10+ no longer returns "missing" client token" so we use HTTPClientError
         klass = HTTPClientError
-      when Net::HTTPServerError
-        klass = HTTPServerError
       else
-        klass = HTTPError
+        # Use the correct exception class
+        case response
+        when Net::HTTPPreconditionFailed
+          raise MissingRequiredStateError.new
+        when Net::HTTPClientError
+          klass = HTTPClientError
+        when Net::HTTPServerError
+          klass = HTTPServerError
+        else
+          klass = HTTPError
+        end
       end
 
       if (response.content_type || '').include?("json")

data/lib/vault/configurable.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative "defaults"
 
 module Vault

data/lib/vault/defaults.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "pathname"
 require "base64"
 
@@ -35,7 +38,7 @@ module Vault
 
     # The set of exceptions that are detect and retried by default
     # with `with_retries`
-    RETRIED_EXCEPTIONS = [HTTPServerError]
+    RETRIED_EXCEPTIONS = [HTTPServerError, MissingRequiredStateError]
 
     class << self
       # The list of calculated options for this configurable.

data/lib/vault/encode.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module EncodePath
 

data/lib/vault/errors.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class VaultError < RuntimeError; end
 
@@ -22,6 +25,18 @@ EOH
     end
   end
 
+  class MissingRequiredStateError < VaultError
+    def initialize
+      super <<-EOH
+The performance standby node does not yet have the 
+most recent index state required to authenticate 
+the request.
+
+Generally, the request should be retried with the with_retries clause.
+EOH
+    end
+  end
+
   class HTTPConnectionError < VaultError
     attr_reader :address
 

data/lib/vault/persistent/connection.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 ##
 # A Net::HTTP connection wrapper that holds extra information for managing the
 # connection's lifetime.

data/lib/vault/persistent/pool.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class PersistentHTTP::Pool < Vault::ConnectionPool # :nodoc:
 

data/lib/vault/persistent/timed_stack_multi.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class PersistentHTTP::TimedStackMulti < ConnectionPool::TimedStack # :nodoc:
 

data/lib/vault/persistent.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Vendored and modified from github.com/drbrain/net-http-persistent
 #
 require 'net/http'
@@ -71,11 +74,11 @@ autoload :OpenSSL, 'openssl'
 # #ca_path            :: Directory with certificate-authorities
 # #cert_store         :: An SSL certificate store
 # #ciphers            :: List of SSl ciphers allowed
+# #min_version        :: Minimum SSL version to use
 # #private_key        :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 #                        connection
 # #ssl_timeout        :: SSL session lifetime
-# #ssl_version        :: Which specific SSL version to use
 # #verify_callback    :: For server certificate verification
 # #verify_depth       :: Depth of certificate verification
 # #verify_mode        :: How connections should be verified
@@ -364,6 +367,11 @@ class PersistentHTTP
 
   attr_reader :name
 
+  ##
+  # Minimum SSL version to use.
+
+  attr_reader :min_version
+
   ##
   # Seconds to wait until a connection is opened.  See Net::HTTP#open_timeout
 
@@ -434,14 +442,6 @@ class PersistentHTTP
 
   attr_reader :ssl_timeout
 
-  ##
-  # SSL version to use.
-  #
-  # By default, the version will be negotiated automatically between client
-  # and server.  Ruby 1.9 and newer only.
-
-  attr_reader :ssl_version
-
   ##
   # Where this instance's last-use times live in the thread local variables
 
@@ -528,9 +528,9 @@ class PersistentHTTP
     @ca_file            = nil
     @ca_path            = nil
     @ciphers            = nil
+    @min_version        = nil
     @private_key        = nil
     @ssl_timeout        = nil
-    @ssl_version        = nil
     @verify_callback    = nil
     @verify_depth       = nil
     @verify_mode        = nil
@@ -603,10 +603,10 @@ class PersistentHTTP
   def connection_for uri
     use_ssl = uri.scheme.downcase == 'https'
 
-    net_http_args = [uri.host, uri.port]
+    net_http_args = [uri.hostname, uri.port]
 
     net_http_args.concat @proxy_args if
-      @proxy_uri and not proxy_bypass? uri.host, uri.port
+      @proxy_uri and not proxy_bypass? uri.hostname, uri.port
 
     connection = @pool.checkout net_http_args
 
@@ -715,7 +715,7 @@ class PersistentHTTP
   # Returns the HTTP protocol version for +uri+
 
   def http_version uri
-    @http_versions["#{uri.host}:#{uri.port}"]
+    @http_versions["#{uri.hostname}:#{uri.port}"]
   end
 
   ##
@@ -798,7 +798,7 @@ class PersistentHTTP
 
     if @proxy_uri then
       @proxy_args = [
-        @proxy_uri.host,
+        @proxy_uri.hostname,
         @proxy_uri.port,
         unescape(@proxy_uri.user),
         unescape(@proxy_uri.password),
@@ -973,7 +973,7 @@ class PersistentHTTP
       end
     end
 
-    @http_versions["#{uri.host}:#{uri.port}"] ||= response.http_version
+    @http_versions["#{uri.hostname}:#{uri.port}"] ||= response.http_version
 
     response
   end
@@ -1043,8 +1043,16 @@ class PersistentHTTP
     connection.use_ssl = true
 
     connection.ciphers     = @ciphers     if @ciphers
+
+    if @min_version
+      if connection.respond_to? :min_version=
+        connection.min_version = @min_version
+      else
+        connection.ssl_version = @min_version
+      end
+    end
+
     connection.ssl_timeout = @ssl_timeout if @ssl_timeout
-    connection.ssl_version = @ssl_version if @ssl_version
 
     connection.verify_depth = @verify_depth
     connection.verify_mode  = @verify_mode
@@ -1098,19 +1106,19 @@ application:
   end
 
   ##
-  # SSL session lifetime
+  # Minimum SSL version to use
 
-  def ssl_timeout= ssl_timeout
-    @ssl_timeout = ssl_timeout
+  def min_version= min_version
+    @min_version = min_version
 
     reconnect_ssl
   end
 
   ##
-  # SSL version to use
+  # SSL session lifetime
 
-  def ssl_version= ssl_version
-    @ssl_version = ssl_version
+  def ssl_timeout= ssl_timeout
+    @ssl_timeout = ssl_timeout
 
     reconnect_ssl
   end

data/lib/vault/request.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Request
     attr_reader :client

data/lib/vault/response.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   class Response
     # Defines a new field. This is designed to be used by the subclass as a

data/lib/vault/vendor/connection_pool/timed_stack.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require 'thread'
 require 'timeout'
 

data/lib/vault/vendor/connection_pool/version.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
 class ConnectionPool
   VERSION = "2.2.0"

data/lib/vault/vendor/connection_pool.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require_relative 'connection_pool/version'
 require_relative 'connection_pool/timed_stack'
 

data/lib/vault/version.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
-  VERSION = "0.16.0"
+  VERSION = "0.18.2"
 end

data/lib/vault.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   require_relative "vault/errors"
   require_relative "vault/client"
@@ -18,12 +21,13 @@ module Vault
       @client = Vault::Client.new
 
       # Set secure SSL options
-      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options].tap do |opts|
-        opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-        opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-        opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-        opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |opts|
+        opts[:options] &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        opts[:options] |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+        opts[:options] |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+        opts[:options] |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
       end
+      
 
       self
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.18.2
 platform: ruby
 authors:
 - Seth Vargo
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-17 00:00:00.000000000 Z
+date: 2023-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
@@ -108,9 +108,23 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.8.3
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 description: Vault is a Ruby API client for interacting with a Vault server.
 email:
-- sethvargo@gmail.com
+- team-vault-devex@hashicorp.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -164,7 +178,7 @@ homepage: https://github.com/hashicorp/vault-ruby
 licenses:
 - MPL-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,8 +193,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Vault is a Ruby API client for interacting with a Vault server.
 test_files: []