[Python][Client] Default to system CA instead of certifi (#8108)

* Use system CA by default and remove certifi

See https://github.com/OpenAPITools/openapi-generator/issues/6506

* Use system CA by default in asyncio client

* Update README_onlypackage.mustache

* Result of ./bin/generate-samples.sh

* Add ssl_ca_cert argument for Configuration

* Result of ./bin/generate-samples.sh

* Remove certifi, use system CA by default

samples/openapi3/client/extensions/x-auth-id-alias/python/requirements.txt

@@ -1,5 +1,4 @@
 nulltype
-certifi >= 14.05.14
 python_dateutil >= 2.5.3
 setuptools >= 21.0.0
-urllib3 >= 1.15.1
+urllib3 >= 1.25.3

samples/openapi3/client/extensions/x-auth-id-alias/python/setup.py

@@ -20,8 +20,7 @@ VERSION = "1.0.0"
 # http://pypi.python.org/pypi/setuptools
 
 REQUIRES = [
-  "urllib3 >= 1.15",
-  "certifi",
+  "urllib3 >= 1.25.3",
   "python-dateutil",
   "nulltype",
 ]

samples/openapi3/client/extensions/x-auth-id-alias/python/x_auth_id_alias/configuration.py

@@ -73,6 +73,8 @@ class Configuration(object):
     :param server_operation_variables: Mapping from operation ID to a mapping with
       string values to replace variables in templated server configuration.
       The validation of enums is performed for variables with defined enum values before.
+    :param ssl_ca_cert: str - the path to a file of concatenated CA certificates 
+      in PEM format
 
     :Example:
 
@@ -105,6 +107,7 @@ conf = x_auth_id_alias.Configuration(
                  disabled_client_side_validations="",
                  server_index=None, server_variables=None,
                  server_operation_index=None, server_operation_variables=None,
+                 ssl_ca_cert=None,
                  ):
         """Constructor
         """
@@ -170,7 +173,7 @@ conf = x_auth_id_alias.Configuration(
            Set this to false to skip verifying SSL certificate when calling API
            from https server.
         """
-        self.ssl_ca_cert = None
+        self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
         self.cert_file = None

samples/openapi3/client/extensions/x-auth-id-alias/python/x_auth_id_alias/rest.py

@@ -15,7 +15,6 @@ import re
 import ssl
 from urllib.parse import urlencode
 
-import certifi
 import urllib3
 
 from x_auth_id_alias.exceptions import ApiException, UnauthorizedException, ForbiddenException, NotFoundException, ServiceException, ApiValueError
@@ -56,13 +55,6 @@ class RESTClientObject(object):
         else:
             cert_reqs = ssl.CERT_NONE
 
-        # ca_certs
-        if configuration.ssl_ca_cert:
-            ca_certs = configuration.ssl_ca_cert
-        else:
-            # if not set certificate file, use Mozilla's root certificates.
-            ca_certs = certifi.where()
-
         addition_pool_args = {}
         if configuration.assert_hostname is not None:
             addition_pool_args['assert_hostname'] = configuration.assert_hostname  # noqa: E501
@@ -85,7 +77,7 @@ class RESTClientObject(object):
                 num_pools=pools_size,
                 maxsize=maxsize,
                 cert_reqs=cert_reqs,
-                ca_certs=ca_certs,
+                ca_certs=configuration.ssl_ca_cert,
                 cert_file=configuration.cert_file,
                 key_file=configuration.key_file,
                 proxy_url=configuration.proxy,
@@ -97,7 +89,7 @@ class RESTClientObject(object):
                 num_pools=pools_size,
                 maxsize=maxsize,
                 cert_reqs=cert_reqs,
-                ca_certs=ca_certs,
+                ca_certs=configuration.ssl_ca_cert,
                 cert_file=configuration.cert_file,
                 key_file=configuration.key_file,
                 **addition_pool_args