Fix connection to HTTPS servers

[kaiyou]

A pyOpenSSL issue currently prevents from safely setting a
timeout on a socket used for SSL:

pyca/pyopenssl#168

Current workarounds do not sound good enough for production,
it seems safe to assume that a longer timeout is will bring
less harm than unexpected SSL errors.

[zeha]

Could you explain a bit under which conditions this happens? (Probably only some software versions are affected?)

[zeha]

Apparently this started becoming an issue with requests 2.4, which added a betterssl/security extra, pulling in pyopenssl.

[kaiyou]

Actually, this affects requests 1.x up to 1.2.3. I cannot reproduce with requests >= 2.0.0. I will investigate why the pyopenssll issue is still open and if pdnscontrol could actually start supporting requests >= 2.0.0.

[kaiyou]

Bissected down to requests 2.0.0 for the fix, the changelog does not mention anything about SSL or timeouts however, still digging :

> pip install "requests==1.2.3" && python2.7 -c 'print __import__("requests").get("https://github.com", timeout=1.0)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "requests/sessions.py", line 335, in request
    resp = self.send(prep, **send_kwargs)
  File "requests/sessions.py", line 438, in send
    r = adapter.send(request, **kwargs)
  File "requests/adapters.py", line 331, in send
    raise SSLError(e)
requests.exceptions.SSLError
> pip install "requests==2.0.0" && python2.7 -c 'print __import__("requests").get("https://github.com", timeout=1.0)'                                                                                           ⏎
<Response [200]>```

[kaiyou]

Okay, it seems this commit silently fixed the bug when introducing urllib3 : kennethreitz/requests@2f39e0e.

I have been trying to run pdnscontrol with requests 2.7.0 for the past few hours, successfully for now. Supporting requests >= 2.0.0 would probably be a better fix than the one I pushed.

[zeha]

OK, then I'm all for going to requests 2.x. Did you have to patch anything or did it just work?

[kaiyou]

It just worked with requests 2.7.0 (or at least no issue seems to be related to requests). Here is my current pip freeze after trying to upgrade most of the dependencies, python debug.py and the gunicorn server work just as well on my system:

Flask==0.10.1
Flask-Assets==0.10
Flask-Login==0.2.11
Flask-Mail==0.9.1
Flask-Principal==0.4.0
Flask-Script==2.0.5
Flask-Security==1.7.4
Flask-SQLAlchemy==2.0
Flask-WTF==0.12
gunicorn==19.3.0
itsdangerous==0.24
Jinja2==2.8
MarkupSafe==0.23
passlib==1.6.4
requests==2.7.0
SQLAlchemy==1.0.8
webassets==0.10.1
Werkzeug==0.10.4
wheel==0.24.0
WTForms==2.0.2

I will be working on fixing most of the blocking issues for my personal use during the next few days, I will give a try to this updated environment and provide feedback. I believe this pull request is pointless anyway.