fix(mcp): respect ssl_verify config for StreamableHTTP/SSE servers (salvage #13038)#14343
Merged
Conversation
When an MCP server config has ssl_verify: false (e.g. local dev with a self-signed cert), the setting was read from config.yaml but never passed to the httpx client, causing CERTIFICATE_VERIFY_FAILED errors and silent connection failures. Fix: read ssl_verify from config and pass it as the 'verify' kwarg to both code paths: - New API (mcp >= 1.24.0): httpx.AsyncClient(verify=ssl_verify) - Legacy API (mcp < 1.24.0): streamablehttp_client(..., verify=ssl_verify) Fixes local dev setups using ServBay, LocalWP, MAMP, or any stack with a self-signed TLS certificate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Salvages #13038 by @lmoncany onto current main.
Adds
ssl_verify: bool = Trueconfig knob to MCP server entries in config.yaml. Threads it through both httpx client constructions in_run_http— the StreamableHTTP path (line 1025) and the SSE fallback path (line 1054). DefaultTruemeans no behavior change; users running a self-hosted MCP server with a self-signed cert on their LAN can now setssl_verify: falsein their server config block.Clean 3-line addition, symmetric across both transport branches.
Closes #13038. Author attribution preserved via cherry-pick.