fix(mcp): respect ssl_verify config for StreamableHTTP servers

When an MCP server config has ssl_verify: false (e.g. local dev with a self-signed cert), the setting was read from config.yaml but never passed to the httpx client, causing CERTIFICATE_VERIFY_FAILED errors and silent connection failures. Fix: read ssl_verify from config and pass it as the 'verify' kwarg to both code paths: - New API (mcp >= 1.24.0): httpx.AsyncClient(verify=ssl_verify) - Legacy API (mcp < 1.24.0): streamablehttp_client(..., verify=ssl_verify) Fixes local dev setups using ServBay, LocalWP, MAMP, or any stack with a self-signed TLS certificate.
2026-04-25 00:51:20 +00:00 · 2026-04-20 15:16:39 +02:00 · 2026-04-20 15:16:39 +02:00 · b80b400141
commit b80b400141
parent bf039a9268
1 changed files with 3 additions and 0 deletions
--- a/tools/mcp_tool.py
+++ b/tools/mcp_tool.py
@ -994,6 +994,7 @@ class MCPServerTask:
        url = config["url"]
        headers = dict(config.get("headers") or {})
        connect_timeout = config.get("connect_timeout", _DEFAULT_CONNECT_TIMEOUT)
+        ssl_verify = config.get("ssl_verify", True)

        # OAuth 2.1 PKCE: route through the central MCPOAuthManager so the
        # same provider instance is reused across reconnects, pre-flow
@ -1024,6 +1025,7 @@ class MCPServerTask:
            client_kwargs: dict = {
                "follow_redirects": True,
                "timeout": httpx.Timeout(float(connect_timeout), read=300.0),
+                "verify": ssl_verify,
            }
            if headers:
                client_kwargs["headers"] = headers
@ -1052,6 +1054,7 @@ class MCPServerTask:
            _http_kwargs: dict = {
                "headers": headers,
                "timeout": float(connect_timeout),
+                "verify": ssl_verify,
            }
            if _oauth_auth is not None:
                _http_kwargs["auth"] = _oauth_auth