Expose SSL_OP_LEGACY_SERVER_CONNECT binding (#1234)

* Expose `SSL_OP_LEGACY_SERVER_CONNECT` binding based on pyca/cryptography#9303 refs mitmproxy/mitmproxy#6281 * Update CHANGELOG.rst
pyca · Jul 29, 2023 · b259bfb · b259bfb
1 parent a81306e
commit b259bfb
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Backward-incompatible changes:
 - Dropped support for Python 3.6.
 - The minimum ``cryptography`` version is now 41.0.0.
 - Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years.
+- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
+  `#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.
 
 Deprecations:
 ^^^^^^^^^^^^^

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -217,6 +217,12 @@
 except AttributeError:
     pass
 
+try:
+    OP_LEGACY_SERVER_CONNECT = _lib.SSL_OP_LEGACY_SERVER_CONNECT
+    __all__.append("OP_LEGACY_SERVER_CONNECT")
+except AttributeError:
+    pass
+
 OP_ALL = _lib.SSL_OP_ALL
 
 VERIFY_PEER = _lib.SSL_VERIFY_PEER