Python client - Hard-coded CA bundle

Currently, the Python Client SDK verifies certificates against an outdated copy of Mozilla’s list of trusted CAs. Why is it using a hard-coded copy rather than verifying against my system’s CA chain? This seems cumbersome and rather dangerous.

https://github.com/algolia/algoliasearch-client-python/blob/master/algoliasearch/resources/ca-bundle.crt

I’ve checked, and it doesn’t seem that other client implementations (the Java version, for example) use this.

1 Like

Hey @photonios!

Thanks for this remark! The file was added a while back (2014), and was an answer to the certificates not being checked at that time (we weren’t using requests).
Fortunately things have changed since, and it no longer makes sense to ship this file anymore: I will release a new version not packaging this file today!

4 Likes
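
An added example (not from the thread or the Algolia client): a standard-library audit script that finds CA bundles vendored inside installed packages, the pattern raised in the question, and counts the certificates already past their expiry date. The function names, the file suffix list and the `min_certs` threshold are assumptions chosen for this example.

```python
"""Find CA bundles vendored inside installed Python packages."""
import ssl
import sysconfig
import time
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
SUFFIXES = {".crt", ".pem", ".cer"}  # assumed set of bundle file extensions


def count_expired(path, now=None):
    """Return how many CA certs in the file are past notAfter, or None if unparsable."""
    now = time.time() if now is None else now
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty trust store
    try:
        ctx.load_verify_locations(cafile=str(path))
    except OSError:  # ssl.SSLError is a subclass of OSError
        return None
    return sum(ssl.cert_time_to_seconds(c["notAfter"]) < now
               for c in ctx.get_ca_certs())


def find_vendored_ca_bundles(root, min_certs=5):
    """Return [(path, cert_count, expired_count)] for files that look like CA bundles.

    min_certs separates trust-store bundles from single test or leaf certificates.
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() not in SUFFIXES or not path.is_file():
            continue
        try:
            certs = path.read_bytes().count(PEM_MARKER)
        except OSError:
            continue
        if certs >= min_certs:
            findings.append((path, certs, count_expired(path)))
    return findings


if __name__ == "__main__":
    # Scan the active environment's site-packages directory.
    site_packages = sysconfig.get_paths()["purelib"]
    for path, certs, expired in find_vendored_ca_bundles(site_packages):
        print(f"{path}: {certs} certificates, expired: {expired}")
```

Where `certifi` is installed its `cacert.pem` will be listed too, since shipping a bundle is that package's purpose; bundles found inside other packages are the ones to check for staleness.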