Create an Extra for Better SSL Support #1995

Closed
dstufft opened this issue Apr 6, 2014 · 11 comments · Fixed by #2195

Comments

@dstufft
Contributor

dstufft commented Apr 6, 2014

So right now the SSL connections when you use pyOpenSSL, ndg-httpsclient, and pyasn1 are more secure than if you just use the stdlib options. However it's hard to actually remember those three things. It would be cool if requests would add an extra to its setup.py so that people can install requests with betterssl, something like:

```python
from setuptools import setup  # extras_require is a setuptools feature

setup(
    # ... the existing setup() arguments ...
    extras_require={
        "betterssl": ["pyOpenSSL", "ndg-httpsclient", "pyasn1"],
    },
)
```

Would make it so people can install requests like `pip install requests[betterssl]` and get all of those dependencies without having to manually track those down. It also means people could depend on `requests[betterssl]` instead of just `requests` in their own setup.py's.

Extra name can of course be bikeshed here :)

@dstufft
Contributor Author

dstufft commented Apr 6, 2014

Also by default requests can't connect to some sites on OSX because of ancient OpenSSL. Using the above 3 packages makes it possible.

```
Python 2.7.5 (default, Sep 12 2013, 21:33:34)
[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.0.68)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://www.howsmyssl.com/a/check")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/hynek/.virtualenvs/1bd80d533b702044/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/Users/hynek/.virtualenvs/1bd80d533b702044/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/Users/hynek/.virtualenvs/1bd80d533b702044/lib/python2.7/site-packages/requests/sessions.py", line 383, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/hynek/.virtualenvs/1bd80d533b702044/lib/python2.7/site-packages/requests/sessions.py", line 486, in send
    r = adapter.send(request, **kwargs)
  File "/Users/hynek/.virtualenvs/1bd80d533b702044/lib/python2.7/site-packages/requests/adapters.py", line 385, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
```
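A check for whether an interpreter is in the position the two comments above describe, as an added example that is not part of the original comments or of requests: it tests whether the linked OpenSSL predates 1.0.1 (the release that added TLS 1.1 and 1.2) and lists which of the three packages are not importable. The function names are hypothetical, the old version string is a constructed sample, and the code targets Python 3.

```python
import importlib
import re
import ssl

# Distribution name -> import name for the three packages named in the issue.
EXTRA_MODULES = [
    ("pyOpenSSL", "OpenSSL"),
    ("ndg-httpsclient", "ndg.httpsclient"),
    ("pyasn1", "pyasn1"),
]

def parse_openssl_version(text):
    """Split a string shaped like ssl.OPENSSL_VERSION into (flavour, (x, y, z))."""
    m = re.match(r"(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % (text,))
    return m.group(1), tuple(int(n) for n in m.groups()[1:])

def supports_tls12(text):
    """TLS 1.1 and 1.2 were added in OpenSSL 1.0.1; LibreSSL forked after that."""
    flavour, version = parse_openssl_version(text)
    return flavour == "LibreSSL" or version >= (1, 0, 1)

def missing_extras(importer=importlib.import_module):
    """Return the distributions from the issue that cannot be imported."""
    missing = []
    for dist, module in EXTRA_MODULES:
        try:
            importer(module)
        except ImportError:  # also covers a missing parent package such as ndg
            missing.append(dist)
    return missing

def report(version_text=ssl.OPENSSL_VERSION, importer=importlib.import_module):
    """Summarise stdlib TLS capability and what the issue's remedy still needs."""
    tls12 = supports_tls12(version_text)
    return {
        "openssl": version_text,
        "stdlib_tls12": tls12,
        # Only ask for the extras when the stdlib path cannot do TLS 1.2.
        "install": [] if tls12 else missing_extras(importer),
    }

if __name__ == "__main__":
    OLD = "OpenSSL 0.9.8y 5 Feb 2013"  # constructed sample of a pre-1.0.1 build
    print(report(OLD))  # an interpreter linked against an old OpenSSL
    print(report())     # this interpreter
```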

@sigmavirus24
Contributor

I like this idea.

@alex
Member

alex commented Apr 7, 2014

👍 from me as well.

@Lukasa
Member

Lukasa commented Apr 7, 2014

I'm happy to do this as well. @kennethreitz, do you want to do this?

Would be nice if we could have a bit of the docs that talks about building the most secure possible form of requests, including stuff like installing OpenSSL from Homebrew and then building against that.

@t-8ch
Contributor

t-8ch commented Apr 26, 2014

+1
This would be much better to document.
I would give it a neutral name a la PyOpenSSL as the other codepath isn't magic fairy dust and may exhibit other bugs.

@sigmavirus24
Contributor

@dstufft can we do something like requests[+PyOpenSSL] or requests[+betterssl]? By which I mean: is the + allowed by distutils/setuptools?

@dstufft
Contributor Author

dstufft commented Apr 26, 2014

Pretty sure it is not.

@alex
Member

alex commented Apr 26, 2014

No, a + won't parse correctly on the pip install side.

On Sat, Apr 26, 2014 at 2:16 PM, Ian Cordasco notifications@github.com wrote:

> @dstufft https://github.com/dstufft can we do something like requests[+PyOpenSSL] or requests[+betterssl]? By which I mean: is the + allowed by distutils/setuptools?



"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084

@sigmavirus24
Contributor

@kennethreitz any update on this?

@kennethreitz
Contributor

I absolutely want to do this.

sigmavirus24 self-assigned this Aug 29, 2014
bcb referenced this issue in explodinglabs/jsonrpcclient Sep 22, 2016
Python versions prior to 2.7.9 should install with pip install
'jsonrpcclient[requests_security]'. See requests issue
https://github.com/kennethreitz/requests/issues/1995 resolved in PR
https://github.com/kennethreitz/requests/pull/2195

Closes #31
This was referenced Jan 28, 2017
@SmartGeometry

I found pyOpenSSL would cause a memory problem. I use requests.get to request https://www.baidu.com for 10000 times and memory grew!

@psf psf locked as resolved and limited conversation to collaborators Oct 15, 2018