Avoid dependency on pyOpenSSL when using Python 2.7.9 [JIRA: CLIENTS-408]

[acaprari]

Many enhancements of the Python 3 ssl module have been backported to Python 2.7.9.
In particular, the class SSLContext() is available and could be used instead of relying on the pyOpenSSL module. This would avoid the inclusion of a lot of new dependencies: pyopenssl, cryptography, pyasn1, enum34, pycparser, cffi.

I suggest to change riak/transports/security.py not to use six.PY2 to decide whether to use the pyOpenSSL, and instead check for the actual availability of ssl.SSLContext.

[hazen]

@alefend One issue we have also is determining the version of OpenSSL against which Python was built. Since many users will have Python 2.7.x, where x < 9, I'm afraid we'll still need to use PyOpenSSL. We are using the native ssl library for Python 3.x, however.

[acaprari]

I think a similar check could be performed in the other part of the package. If you are referring to the riak.security module, the check for six.PY2 can be changed to a check for hasattr(ssl, 'OPENSSL_VERSION_NUMBER').

I don't suggest to drop the pyOpenSSL requirement at all, just to drop it for Python releases >= 2.7.9.

[hazen]

@alefend OK, I see what you are suggesting. It's a good idea, but I'd have to do some testing it to determine the cost/benefit.

[acaprari]

Another option would be to make those dependencies optional using the extras_require feature of setuptools.

I saw it used for a similar purpose in the requests package.

[hazen]

@alefend How is the 2.7.9 port? I found that in 3.3 there were missing features found in 3.4, for example.

[acaprari]

Hi @javajolt, we are currently using the proposed changes in production without issues (but against a Riak server with no security)

[hazen]

@alefend Awesome! I'll just have to verify everything still works on the various other versions, too. It looks like the Certificate Revocation Lists are still not working in native Python; something pyOpenSSL did support. Let me review all the changes you made.

[Basho-JIRA]

[~brett] it looks like this can be moved along the Jira board. Will this be the only thing added in the next Python client release?

_[posted via JIRA by Derek Somogyi]_

[Basho-JIRA]

No I hope to get in [CLIENTS-342|https://bashoeng.atlassian.net/browse/CLIENTS-342], [CLIENTS-417 (#402) (#402)|https://bashoeng.atlassian.net/browse/CLIENTS-417 (#402) (#402)], [CLIENTS-361|https://bashoeng.atlassian.net/browse/CLIENTS-361], [CLIENTS-332|https://bashoeng.atlassian.net/browse/CLIENTS-332] and see if I can fix [CLIENTS-514 (#406) (#406)|https://bashoeng.atlassian.net/browse/CLIENTS-514 (#406) (#406)]

_[posted via JIRA by Brett Hazen]_

[Basho-JIRA]

This went out with the 2.3.0 release: #397

_[posted via JIRA by Brett Hazen]_