pyOpenSSL is optional

celery/security/__init__.py

@@ -17,6 +17,13 @@ def setup_security():
     if conf.CELERY_TASK_SERIALIZER != 'auth':
         return
 
+    try:
+        from OpenSSL import crypto
+    except ImportError:
+        raise ImproperlyConfigured(
+            "You need to install pyOpenSSL library to use "
+            "the auth serializer.")
+
     key = getattr(conf, 'CELERY_SECURITY_KEY', None)
     cert = getattr(conf, 'CELERY_SECURITY_CERTIFICATE', None)
     store = getattr(conf, 'CELERY_SECURITY_CERT_STORE', None)

celery/security/certificate.py

@@ -1,16 +1,19 @@
 import os
 import glob
 
-from OpenSSL import crypto
-from OpenSSL.crypto import FILETYPE_PEM
+try:
+    from OpenSSL import crypto
+except ImportError:
+    crypto = None
 
 from celery.security.exceptions import SecurityError
 
 class Certificate(object):
     """X.509 certificate"""
     def __init__(self, cert):
+        assert crypto is not None
         try:
-            self._cert = crypto.load_certificate(FILETYPE_PEM, cert)
+            self._cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
         except crypto.Error, e:
             raise SecurityError("Invalid certificate", e)
 

celery/security/key.py

@@ -1,12 +1,15 @@
-from OpenSSL import crypto
-from OpenSSL.crypto import FILETYPE_PEM
+try:
+    from OpenSSL import crypto
+except ImportError:
+    crypto = None
 
 from celery.security.exceptions import SecurityError
 
 class PrivateKey(object):
     def __init__(self, key):
+        assert crypto is not None
         try:
-            self._key = crypto.load_privatekey(FILETYPE_PEM, key)
+            self._key = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
         except crypto.Error, e:
             raise SecurityError("Invalid private key", e)