From 30792edac6b49396ce9a8575be8d2c8eb0f200c7 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Thu, 27 Jul 2023 21:49:57 +0200
Subject: [PATCH 1/3] Expose `SSL_OP_LEGACY_SERVER_CONNECT` binding based on https://github.com/pyca/cryptography/pull/9303 refs https://github.com/mitmproxy/mitmproxy/pull/6281
---
 src/OpenSSL/SSL.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 46e43bd97..a0d0b6acb 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -217,6 +217,12 @@
 except AttributeError:
 pass
 
+try:
+ OP_LEGACY_SERVER_CONNECT = _lib.SSL_OP_LEGACY_SERVER_CONNECT
+ __all__.append("OP_LEGACY_SERVER_CONNECT")
+except AttributeError:
+ pass
+
 OP_ALL = _lib.SSL_OP_ALL
 
 VERIFY_PEER = _lib.SSL_VERIFY_PEER

From efc7d9a7df33f64d445fa2e794bdcb9040a4b92a Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Thu, 27 Jul 2023 21:54:23 +0200
Subject: [PATCH 2/3] Update CHANGELOG.rst
---
 CHANGELOG.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 0525349ea..e66ace131 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Backward-incompatible changes:
 - Dropped support for Python 3.6.
 - The minimum ``cryptography`` version is now 41.0.0.
 - Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years.
+- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
+ `#1234 `_.
 
 Deprecations:
 ^^^^^^^^^^^^^

From 4d42c527f24fb0b0968883d54cbe1b2a27c92dbd Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Fri, 28 Jul 2023 08:05:32 +0200
Subject: [PATCH 3/3]
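Review bot: In the `src/OpenSSL/SSL.py` hunk of patch 1/3, the new `OP_LEGACY_SERVER_CONNECT` constant is exported with no comment on what it weakens, so a reader of `SSL.py` cannot tell it apart from the neighbouring compatibility flags. The changelog entry in patch 2/3 says it permits legacy insecure renegotiation with unpatched servers, so I would put a comment above the `try:` such as `# Permits handshakes with servers lacking RFC 5746 secure renegotiation; set only for known legacy peers.` Because the binding is optional (`except AttributeError: pass`), the API documentation should also state that the name may be absent when the underlying `_lib` does not provide it, so callers guard its use.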