From b80b400141ebcc64b889d91f29826a88eef2f50a Mon Sep 17 00:00:00 2001 From: Loic Moncany Date: Mon, 20 Apr 2026 15:16:39 +0200 Subject: [PATCH] fix(mcp): respect ssl_verify config for StreamableHTTP servers When an MCP server config has ssl_verify: false (e.g. local dev with a self-signed cert), the setting was read from config.yaml but never passed to the httpx client, causing CERTIFICATE_VERIFY_FAILED errors and silent connection failures. Fix: read ssl_verify from config and pass it as the 'verify' kwarg to both code paths: - New API (mcp >= 1.24.0): httpx.AsyncClient(verify=ssl_verify) - Legacy API (mcp < 1.24.0): streamablehttp_client(..., verify=ssl_verify) Fixes local dev setups using ServBay, LocalWP, MAMP, or any stack with a self-signed TLS certificate. --- tools/mcp_tool.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/mcp_tool.py b/tools/mcp_tool.py index aecc0cc23..2de479338 100644 --- a/tools/mcp_tool.py +++ b/tools/mcp_tool.py @@ -994,6 +994,7 @@ class MCPServerTask: url = config["url"] headers = dict(config.get("headers") or {}) connect_timeout = config.get("connect_timeout", _DEFAULT_CONNECT_TIMEOUT) + ssl_verify = config.get("ssl_verify", True) # OAuth 2.1 PKCE: route through the central MCPOAuthManager so the # same provider instance is reused across reconnects, pre-flow @@ -1024,6 +1025,7 @@ class MCPServerTask: client_kwargs: dict = { "follow_redirects": True, "timeout": httpx.Timeout(float(connect_timeout), read=300.0), + "verify": ssl_verify, } if headers: client_kwargs["headers"] = headers @@ -1052,6 +1054,7 @@ class MCPServerTask: _http_kwargs: dict = { "headers": headers, "timeout": float(connect_timeout), + "verify": ssl_verify, } if _oauth_auth is not None: _http_kwargs["auth"] = _oauth_auth