Expose constants that are no longer available in latest cryptography #1201

@itamarst

In order to customize TLS validation logic in pyOpenSSL, some constants are sometimes needed. For example, Tahoe-LAFS currently uses X509_V_ERR_CERT_NOT_YET_VALID, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, and a few others (https://github.com/tahoe-lafs/tahoe-lafs/blob/d92470d233533bdc8ae1f014ca3a82b0ce74e3f3/src/allmydata/storage/http_client.py#L220).

Previous to cryptography v40, these were available there, but they no longer are.

@alex suggested that:

  1. They get added to the public interface of pyOpenSSL, since that is the consumer.
  2. cryptography is then updated appropriately to expose just what pyOpenSSL needs.

I assume they should be exposed in OpenSSL.SSL?

  • PR to cryptography adding the constants is merged.
  • PR to this repository conditionally adding these to OpenSSL.SSL.__all__.
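
An added example, not code from pyOpenSSL, cryptography or Tahoe-LAFS: a sketch of the kind of custom verify callback that needs these constants, looking each one up on OpenSSL.SSL and falling back to the value in OpenSSL's x509_vfy.h when it is not exposed. The tolerated-error policy, the whole-certificate SHA-256 pin, and the names x509_err, make_verify_callback, get_der, SAMPLE_DER and SAMPLE_PIN are assumptions made for illustration.

```python
import hashlib
import hmac

try:                      # pyOpenSSL is optional for this sketch
    from OpenSSL import SSL
except ImportError:
    SSL = None

# Values from OpenSSL's x509_vfy.h, used only when OpenSSL.SSL lacks the name.
_FALLBACK = {
    "X509_V_ERR_CERT_NOT_YET_VALID": 9,
    "X509_V_ERR_CERT_HAS_EXPIRED": 10,
    "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT": 18,
    "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN": 19,
}

def x509_err(name):
    """Prefer the constant from OpenSSL.SSL; fall back to the header value."""
    return getattr(SSL, name, _FALLBACK[name])

# Errors a pin-based client can tolerate (assumed policy for this example):
# the certificate is authenticated by its hash, not by a CA chain or dates.
TOLERATED = frozenset(x509_err(n) for n in _FALLBACK)

def make_verify_callback(pinned_sha256_hex, get_der):
    """Build a callback with the (conn, cert, errnum, depth, ok) signature
    that Context.set_verify expects. get_der(cert) returns DER bytes."""
    def verify(conn, cert, errnum, depth, ok):
        if not ok and errnum not in TOLERATED:
            return False                      # every other failure stays fatal
        if depth == 0:                        # leaf: enforce the pin
            digest = hashlib.sha256(get_der(cert)).hexdigest()
            return hmac.compare_digest(digest, pinned_sha256_hex)
        return True
    return verify

# Constructed sample: opaque bytes stand in for a DER-encoded certificate.
SAMPLE_DER = b"constructed-sample-certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()
```

With pyOpenSSL installed, get_der can wrap OpenSSL.crypto.dump_certificate with FILETYPE_ASN1, and the pin is given as lowercase hex.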
