If I understand our release process correctly, the right release version will be 3.4.1 here.

3.4.0 is already released and it doesn't have OPT_X_TLS_PEERCERT option.

Hmm, should we use a placeholder in these and leave replacing that to the release process?

We can do that, but I think it makes more sense to plan the changes because if we use a placeholder, then when we have the next release, it will be dynamically filled with some amount of fixes/features, and it'll feel too unpredictable.

So I think it'll be more natural to triage the issues we work on, assign the milestone, and then when we have the next release, we do the tagging, etc.
Also, this way we'll be able to plan major changes ahead of time (like the removal of Python 2 was planned for 3.4.0).

I've updated this, also removed some deprecated options and constants according to #67. I guess if everything is OK, we'll get OpenLDAP 2.5 support and that might warrant pushing out 3.4.1, unless we want some other things in there too, creating a milestone for tracking.

I agree that OpenLDAP 2.5 support is already a solid reason to release. So as it's done, I think, we can review what has changed since 3.4.0 release and push out 3.4.1 as you suggested. :)

Thanks, I've merged this. Could you review what other issues should go into 3.4.1 and add them? Also review pending PRs, I think I'll add a fix for #448 into that shortly.