Please consider removal of custom ca-cert included within codebase.

[danmarsden]

It's generally considered bad practice to include your own version of the ca-cert bundle. Can you please look at removing this from your codebase? I can see how it might be "convenient" but it means that when performing a security review, we need to check to make sure your version of the ca-certs haven't been compromised.

[remi-stripe]

@danmarsden Thanks for the report! We'll look into this and see if it's something we could deprecate in the future!

[Sheaffy]

I can agree with this.

Or at the very least, give us a option to use the systems certs via a function call similar to setCABundlePath.