This ticket depends on
PYTHON-2040, which adds PyOpenSSL as an alternative TLS provider. Python's standard library ssl module provides no support for stapled OCSP responses, only parsing extensions for OCSP URIs. We're going to support OCSP, stapling and must-staple. OCSP support will be optional, enabled through the use of an "ocsp" extra. Feature support will also add dependencies on requests (to make OCSP requests) and cryptography (to create OCSP requests and verify OCSP responses, stapled or otherwise). Cryptography is already a dependency of PyOpenSSL, and our own pymongocrypt package.