[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Victor Stinner victor.stinner at gmail.com
Thu Jun 1 05:13:52 EDT 2017

2017-06-01 10:57 GMT+02:00 Antoine Pitrou <solipsis at pitrou.net>:
> If Requests is to remain 2.7-compatible, it's up to Requests to do the
> necessary work to do so.

In practice, CPython does include Requests in ensurepip. Because of
that, it means that Requests cannot use any C extension. CPython 2.7
ensurepip prevents evolutions of Requests on Python 3.7. Is my
rationale broken somehow?

The root issue is to get a very secure TLS connection in pip to
download packages from pypi.python.org. On CPython 3.6, we made
multiple small steps to include more and more features in the stdlib
ssl module, but I understand that the lack of root certificate
authorities (CA) on Windows and macOS is still a major blocker issue
for pip. That's why pip uses Requests which uses certifi (Mozilla
bundled root certificate authorities.)

pip and so Requests are part of the current success of the Python
community. I disagree that Requests pratical isssues are not our


Moreover, the PEP 546 Rationale not only include Requests, but also
the important PEP 543 to make CPython 3.7 more secure in the long
term. Do you also disagree on the need of the need of the PEP 546
(backport) to make the PEP 543 (new TLS API) feasible in practice?


More information about the Python-Dev mailing list