[Python][Client] Default to system CA instead of certifi (#8108)

* Use system CA by default and remove certifi See https://github.com/OpenAPITools/openapi-generator/issues/6506 * Use system CA by default in asyncio client * Update README_onlypackage.mustache * Result of ./bin/generate-samples.sh * Add ssl_ca_cert argument for Configuration * Result of ./bin/generate-samples.sh * Remove certifi, use system CA by default
2020-12-16 00:36:35 +00:00
parent 952cd9c689
commit a4f84b2f8c
43 changed files with 81 additions and 156 deletions
--- a/samples/client/petstore/python-asyncio/petstore_api/configuration.py
+++ b/samples/client/petstore/python-asyncio/petstore_api/configuration.py
@@ -77,6 +77,8 @@ class Configuration(object):
    :param server_operation_variables: Mapping from operation ID to a mapping with
      string values to replace variables in templated server configuration.
      The validation of enums is performed for variables with defined enum values before.
+    :param ssl_ca_cert: str - the path to a file of concatenated CA certificates 
+      in PEM format 

    :Example:

@@ -125,6 +127,7 @@ conf = petstore_api.Configuration(
                 disabled_client_side_validations="",
                 server_index=None, server_variables=None,
                 server_operation_index=None, server_operation_variables=None,
+                 ssl_ca_cert=None,
                 ):
        """Constructor
        """
@@ -193,7 +196,7 @@ conf = petstore_api.Configuration(
           Set this to false to skip verifying SSL certificate when calling API
           from https server.
        """
-        self.ssl_ca_cert = None
+        self.ssl_ca_cert = ssl_ca_cert
        """Set this to customize the certificate file to verify the peer.
        """
        self.cert_file = None
--- a/samples/client/petstore/python-asyncio/petstore_api/rest.py
+++ b/samples/client/petstore/python-asyncio/petstore_api/rest.py
@@ -17,7 +17,6 @@ import re
 import ssl

 import aiohttp
-import certifi
 # python 2 and python 3 compatibility library
 from six.moves.urllib.parse import urlencode

@@ -51,14 +50,7 @@ class RESTClientObject(object):
        if maxsize is None:
            maxsize = configuration.connection_pool_maxsize

-        # ca_certs
-        if configuration.ssl_ca_cert:
-            ca_certs = configuration.ssl_ca_cert
-        else:
-            # if not set certificate file, use Mozilla's root certificates.
-            ca_certs = certifi.where()
-
-        ssl_context = ssl.create_default_context(cafile=ca_certs)
+        ssl_context = ssl.create_default_context(cafile=configuration.ssl_ca_cert)
        if configuration.cert_file:
            ssl_context.load_cert_chain(
                configuration.cert_file, keyfile=configuration.key_file