From 3b95da3ea48c3f60f133cdefe1382fce5d44a770 Mon Sep 17 00:00:00 2001
From: cyli <cyli@twistedmatrix.com>
Date: Thu, 13 Apr 2017 17:25:55 -0700
Subject: [PATCH] Require "requests[security]" if the `[tls]` option is
 selected, which also installs: pyOpenSSL, cryptography, idna

and installs cryptography's version of openssl in Mac OS (which by default has an
ancient version of openssl that doesn't support TLS 1.2).

Signed-off-by: cyli <cyli@twistedmatrix.com>
---
 README.md        |  4 ++++
 requirements.txt |  2 +-
 setup.py         | 10 ++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 747b98b25..3ff124d7a 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,10 @@ The latest stable version [is available on PyPI](https://pypi.python.org/pypi/do
 
     pip install docker
 
+If you are intending to connect to a docker host via TLS, add `docker[tls]` to your requirements instead, or install with pip:
+
+    pip install docker[tls]
+
 ## Usage
 
 Connect to Docker using the default socket or the configuration in your environment:
diff --git a/requirements.txt b/requirements.txt
index 375413122..423ffb700 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-requests==2.11.1
+requests[security]==2.11.1
 six>=1.4.0
 websocket-client==0.32.0
 backports.ssl_match_hostname>=3.5 ; python_version < '3.5'
diff --git a/setup.py b/setup.py
index 31180d239..534c9495d 100644
--- a/setup.py
+++ b/setup.py
@@ -35,6 +35,16 @@
     # ssl_match_hostname to verify hosts match with certificates via
     # ServerAltname: https://pypi.python.org/pypi/backports.ssl_match_hostname
     ':python_version < "3.3"': 'ipaddress >= 1.0.16',
+
+    # If using docker-py over TLS, highly recommend this option is pip-installed
+    # or pinned.
+
+    # TODO: if pip installign both "requests" and "requests[security]", the
+    # extra package from the "security" option are not installed (see
+    # https://github.com/pypa/pip/issues/4391).  Once that's fixed, instead of
+    # installing the extra dependencies, install the following instead:
+    # 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'
+    'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
 }
 
 version = None