From a158c21e8c961684e4e62587d3efa4fd45eb0b1c Mon Sep 17 00:00:00 2001 From: Roo Code Date: Sun, 28 Sep 2025 18:43:10 +0000 Subject: [PATCH 01/19] feat: add certificate trust configuration for MCP servers - Add certificateTrust configuration options for SSE and StreamableHTTP transports - Support allowSelfSigned, caCertPath, and rejectUnauthorized options - Implement HTTPS agent configuration for Node.js fetch operations - Add comprehensive tests for certificate trust configuration - Add documentation explaining usage and security considerations Fixes #8355 --- .review/pr-8274 | 1 + docs/mcp-certificate-trust.md | 167 ++++++++++++++++++++++ src/services/mcp/McpHub.ts | 111 +++++++++++++- src/services/mcp/__tests__/McpHub.spec.ts | 113 +++++++++++++++ tmp/pr-8287-Roo-Code | 1 + 5 files changed, 387 insertions(+), 6 deletions(-) create mode 160000 .review/pr-8274 create mode 100644 docs/mcp-certificate-trust.md create mode 160000 tmp/pr-8287-Roo-Code diff --git a/.review/pr-8274 b/.review/pr-8274 new file mode 160000 index 000000000..e46929b8d --- /dev/null +++ b/.review/pr-8274 @@ -0,0 +1 @@ +Subproject commit e46929b8d8add0cd3c412d69f8ac882c405a4ba9 diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md new file mode 100644 index 000000000..6e690a15a --- /dev/null +++ b/docs/mcp-certificate-trust.md @@ -0,0 +1,167 @@ +# MCP Server Certificate Trust Configuration + +This document describes how to configure certificate trust settings for MCP servers that use HTTPS connections (SSE and StreamableHTTP transports). + +## Overview + +When connecting to MCP servers over HTTPS, you may encounter servers that use: + +- Self-signed certificates +- Certificates signed by internal/corporate Certificate Authorities (CAs) +- Certificates that would otherwise be rejected by default Node.js certificate validation + +The certificate trust configuration allows you to specify how these certificates should be handled. + +## Configuration Options + +Certificate trust settings can be added to any SSE or StreamableHTTP server configuration in your MCP settings file. + +### Available Options + +| Option | Type | Default | Description | +| -------------------- | ------- | --------- | ----------------------------------------------------------- | +| `allowSelfSigned` | boolean | false | Allow connections to servers using self-signed certificates | +| `caCertPath` | string | undefined | Path to a CA certificate file (PEM format) to trust | +| `rejectUnauthorized` | boolean | true | Whether to reject unauthorized certificates | + +## Configuration Examples + +### 1. Allow Self-Signed Certificates + +```json +{ + "mcpServers": { + "my-internal-server": { + "type": "sse", + "url": "https://internal.company.com/mcp", + "certificateTrust": { + "allowSelfSigned": true + } + } + } +} +``` + +### 2. Trust a Custom CA Certificate + +```json +{ + "mcpServers": { + "corporate-server": { + "type": "streamable-http", + "url": "https://api.internal.corp/mcp", + "certificateTrust": { + "caCertPath": "/path/to/company-ca.pem" + } + } + } +} +``` + +### 3. Disable Certificate Validation (Development Only) + +⚠️ **Warning**: This configuration disables certificate validation entirely and should only be used in development environments. + +```json +{ + "mcpServers": { + "dev-server": { + "type": "sse", + "url": "https://dev.local:8443/mcp", + "certificateTrust": { + "rejectUnauthorized": false + } + } + } +} +``` + +### 4. Combined Configuration + +```json +{ + "mcpServers": { + "complex-server": { + "type": "sse", + "url": "https://secure.internal.com/mcp", + "headers": { + "Authorization": "Bearer token" + }, + "certificateTrust": { + "allowSelfSigned": true, + "caCertPath": "/etc/ssl/certs/internal-ca.pem", + "rejectUnauthorized": false + } + } + } +} +``` + +## Obtaining CA Certificates + +### From System Certificate Store + +On many systems, CA certificates are stored in standard locations: + +- **Linux**: `/etc/ssl/certs/` or `/usr/share/ca-certificates/` +- **macOS**: Can be exported from Keychain Access +- **Windows**: Can be exported from Certificate Manager (certmgr.msc) + +### From Your IT Department + +For corporate environments, contact your IT department to obtain: + +1. The internal CA certificate (usually in PEM or CRT format) +2. Instructions on where to save it securely +3. Any specific certificate validation requirements + +### Converting Certificate Formats + +If you have a certificate in DER/CER format, convert it to PEM: + +```bash +openssl x509 -inform der -in certificate.cer -out certificate.pem +``` + +## Security Considerations + +1. **Production Environments**: Always use proper certificates signed by trusted CAs in production. + +2. **Certificate Validation**: Only disable `rejectUnauthorized` in development environments where security is not a concern. + +3. **CA Certificate Storage**: Store CA certificate files in a secure location with appropriate file permissions. + +4. **Regular Updates**: Keep CA certificates up to date, especially for internal CAs that may rotate periodically. + +## Troubleshooting + +### Common Error Messages + +1. **"UNABLE_TO_VERIFY_LEAF_SIGNATURE"**: The server's certificate cannot be verified. Consider adding the CA certificate using `caCertPath`. + +2. **"SELF_SIGNED_CERT_IN_CHAIN"**: The certificate chain contains a self-signed certificate. Set `allowSelfSigned: true` if this is expected. + +3. **"CERT_HAS_EXPIRED"**: The certificate has expired. Contact the server administrator to renew it. + +### Debugging Certificate Issues + +To debug certificate issues, you can test the connection using OpenSSL: + +```bash +# View server certificate +openssl s_client -connect hostname:port -showcerts + +# Test with a specific CA certificate +openssl s_client -connect hostname:port -CAfile /path/to/ca.pem +``` + +## Limitations + +- Certificate trust settings only apply to SSE and StreamableHTTP transports +- STDIO transport servers do not use HTTPS and therefore don't need certificate configuration +- The configuration requires Node.js environment; browser-based implementations may have different requirements + +## Related Documentation + +- [MCP Server Configuration](./mcp-servers.md) +- [Model Context Protocol Specification](https://modelcontextprotocol.io) diff --git a/src/services/mcp/McpHub.ts b/src/services/mcp/McpHub.ts index caca5ddb3..df1eb1fb7 100644 --- a/src/services/mcp/McpHub.ts +++ b/src/services/mcp/McpHub.ts @@ -65,6 +65,16 @@ const BaseConfigSchema = z.object({ disabledTools: z.array(z.string()).default([]), }) +// Certificate trust configuration schema +const CertificateTrustSchema = z.object({ + // Allow self-signed certificates + allowSelfSigned: z.boolean().optional(), + // Path to CA certificate file (PEM format) + caCertPath: z.string().optional(), + // Reject unauthorized certificates (default: true for security) + rejectUnauthorized: z.boolean().optional().default(true), +}) + // Custom error messages for better user feedback const typeErrorMessage = "Server type must be 'stdio', 'sse', or 'streamable-http'" const stdioFieldsErrorMessage = @@ -102,6 +112,8 @@ const createServerTypeSchema = () => { type: z.enum(["sse"]).optional(), url: z.string().url("URL must be a valid URL format"), headers: z.record(z.string()).optional(), + // Certificate trust configuration for HTTPS connections + certificateTrust: CertificateTrustSchema.optional(), // Ensure no stdio fields are present command: z.undefined().optional(), args: z.undefined().optional(), @@ -117,6 +129,8 @@ const createServerTypeSchema = () => { type: z.enum(["streamable-http"]).optional(), url: z.string().url("URL must be a valid URL format"), headers: z.record(z.string()).optional(), + // Certificate trust configuration for HTTPS connections + certificateTrust: CertificateTrustSchema.optional(), // Ensure no stdio fields are present command: z.undefined().optional(), args: z.undefined().optional(), @@ -735,10 +749,47 @@ export class McpHub { } } else if (configInjected.type === "streamable-http") { // Streamable HTTP connection + const requestInit: RequestInit = { + headers: configInjected.headers, + } + + // Apply certificate trust settings if configured + if (configInjected.certificateTrust) { + const { allowSelfSigned, caCertPath, rejectUnauthorized } = configInjected.certificateTrust + + // For Node.js fetch, we need to configure the agent + if (typeof process !== "undefined" && process.versions && process.versions.node) { + const https = await import("https") + const fs = await import("fs/promises") + + const agentOptions: any = {} + + // Handle certificate rejection + if (rejectUnauthorized === false || allowSelfSigned === true) { + agentOptions.rejectUnauthorized = false + } + + // Load CA certificate if provided + if (caCertPath) { + try { + const caCert = await fs.readFile(caCertPath, "utf-8") + agentOptions.ca = caCert + } catch (error) { + console.error(`Failed to load CA certificate from ${caCertPath}:`, error) + throw new Error( + `Failed to load CA certificate: ${error instanceof Error ? error.message : String(error)}`, + ) + } + } + + // Create HTTPS agent with certificate trust settings + const agent = new https.Agent(agentOptions) + ;(requestInit as any).agent = agent + } + } + transport = new StreamableHTTPClientTransport(new URL(configInjected.url), { - requestInit: { - headers: configInjected.headers, - }, + requestInit, }) // Set up Streamable HTTP specific error handling @@ -766,18 +817,66 @@ export class McpHub { headers: configInjected.headers, }, } + // Configure ReconnectingEventSource options - const reconnectingEventSourceOptions = { + const reconnectingEventSourceOptions: any = { max_retry_time: 5000, // Maximum retry time in milliseconds withCredentials: configInjected.headers?.["Authorization"] ? true : false, // Enable credentials if Authorization header exists - fetch: (url: string | URL, init: RequestInit) => { + } + + // Apply certificate trust settings if configured + if (configInjected.certificateTrust) { + const { allowSelfSigned, caCertPath, rejectUnauthorized } = configInjected.certificateTrust + + // For Node.js fetch used by ReconnectingEventSource + if (typeof process !== "undefined" && process.versions && process.versions.node) { + const https = await import("https") + const fs = await import("fs/promises") + + const agentOptions: any = {} + + // Handle certificate rejection + if (rejectUnauthorized === false || allowSelfSigned === true) { + agentOptions.rejectUnauthorized = false + } + + // Load CA certificate if provided + if (caCertPath) { + try { + const caCert = await fs.readFile(caCertPath, "utf-8") + agentOptions.ca = caCert + } catch (error) { + console.error(`Failed to load CA certificate from ${caCertPath}:`, error) + throw new Error( + `Failed to load CA certificate: ${error instanceof Error ? error.message : String(error)}`, + ) + } + } + + // Create HTTPS agent with certificate trust settings + const agent = new https.Agent(agentOptions) + + // Custom fetch function that includes the HTTPS agent + reconnectingEventSourceOptions.fetch = (url: string | URL, init: RequestInit) => { + const headers = new Headers({ ...(init?.headers || {}), ...(configInjected.headers || {}) }) + return fetch(url, { + ...init, + headers, + agent: agent as any, + }) + } + } + } else { + // Default fetch function without certificate trust modifications + reconnectingEventSourceOptions.fetch = (url: string | URL, init: RequestInit) => { const headers = new Headers({ ...(init?.headers || {}), ...(configInjected.headers || {}) }) return fetch(url, { ...init, headers, }) - }, + } } + global.EventSource = ReconnectingEventSource transport = new SSEClientTransport(new URL(configInjected.url), { ...sseOptions, diff --git a/src/services/mcp/__tests__/McpHub.spec.ts b/src/services/mcp/__tests__/McpHub.spec.ts index 1db924ed6..e86666c82 100644 --- a/src/services/mcp/__tests__/McpHub.spec.ts +++ b/src/services/mcp/__tests__/McpHub.spec.ts @@ -1798,6 +1798,119 @@ describe("McpHub", () => { }) }) + describe("Certificate trust configuration", () => { + it("should accept SSE server with certificate trust configuration", () => { + const config = { + type: "sse", + url: "https://api.example.com/mcp", + headers: { Authorization: "Bearer token" }, + certificateTrust: { + allowSelfSigned: true, + caCertPath: "/path/to/ca.pem", + rejectUnauthorized: false, + }, + } + + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success && result.data.type === "sse") { + expect(result.data.type).toBe("sse") + expect(result.data.certificateTrust).toEqual({ + allowSelfSigned: true, + caCertPath: "/path/to/ca.pem", + rejectUnauthorized: false, + }) + } + }) + + it("should accept StreamableHTTP server with certificate trust configuration", () => { + const config = { + type: "streamable-http", + url: "https://api.example.com/mcp", + headers: { Authorization: "Bearer token" }, + certificateTrust: { + allowSelfSigned: false, + rejectUnauthorized: true, + }, + } + + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success && result.data.type === "streamable-http") { + expect(result.data.type).toBe("streamable-http") + expect(result.data.certificateTrust).toEqual({ + allowSelfSigned: false, + rejectUnauthorized: true, + }) + } + }) + + it("should accept SSE server with only CA certificate path", () => { + const config = { + type: "sse", + url: "https://api.example.com/mcp", + certificateTrust: { + caCertPath: "/path/to/ca.pem", + }, + } + + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success && result.data.type === "sse") { + expect(result.data.certificateTrust?.caCertPath).toBe("/path/to/ca.pem") + expect(result.data.certificateTrust?.rejectUnauthorized).toBe(true) // default value + } + }) + + it("should accept server without certificate trust configuration", () => { + const config = { + type: "sse", + url: "https://api.example.com/mcp", + } + + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success && result.data.type === "sse") { + expect(result.data.certificateTrust).toBeUndefined() + } + }) + + it("should not accept certificate trust for stdio servers", () => { + const config = { + type: "stdio", + command: "node", + args: ["server.js"], + certificateTrust: { + allowSelfSigned: true, + }, + } + + // Note: stdio schema doesn't include certificateTrust, so it will be stripped + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.type).toBe("stdio") + expect((result.data as any).certificateTrust).toBeUndefined() + } + }) + + it("should default rejectUnauthorized to true when not specified", () => { + const config = { + type: "sse", + url: "https://api.example.com/mcp", + certificateTrust: { + allowSelfSigned: true, + }, + } + + const result = ServerConfigSchema.safeParse(config) + expect(result.success).toBe(true) + if (result.success && result.data.type === "sse") { + expect(result.data.certificateTrust?.rejectUnauthorized).toBe(true) + } + }) + }) + describe("Windows command wrapping", () => { let StdioClientTransport: ReturnType let Client: ReturnType diff --git a/tmp/pr-8287-Roo-Code b/tmp/pr-8287-Roo-Code new file mode 160000 index 000000000..88a473b01 --- /dev/null +++ b/tmp/pr-8287-Roo-Code @@ -0,0 +1 @@ +Subproject commit 88a473b017af37091c85ce3056e444e856f80d6e From b73bd7cdedea6a3463892171e89c41b4a1ffad0c Mon Sep 17 00:00:00 2001 From: Roo Code Date: Sun, 28 Sep 2025 18:45:22 +0000 Subject: [PATCH 02/19] fix: resolve TypeScript type error for agent property in fetch - Use spread operator with type assertion for Node.js-specific agent property - Ensures compatibility with standard RequestInit type while allowing HTTPS agent --- src/services/mcp/McpHub.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/services/mcp/McpHub.ts b/src/services/mcp/McpHub.ts index df1eb1fb7..269431539 100644 --- a/src/services/mcp/McpHub.ts +++ b/src/services/mcp/McpHub.ts @@ -859,10 +859,11 @@ export class McpHub { // Custom fetch function that includes the HTTPS agent reconnectingEventSourceOptions.fetch = (url: string | URL, init: RequestInit) => { const headers = new Headers({ ...(init?.headers || {}), ...(configInjected.headers || {}) }) + // Use type assertion for Node.js-specific agent property return fetch(url, { ...init, headers, - agent: agent as any, + ...({ agent } as any), }) } } From e2b5556dbf3c58bf68abe924e012411e65112441 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Fri, 3 Oct 2025 15:13:38 -0500 Subject: [PATCH 03/19] test: webhook throttle test commit 1 --- docs/mcp-certificate-trust.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 6e690a15a..2cf8815ae 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,6 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements +- Test webhook commit 1 ## Related Documentation From 2ad3209c7dd4ed9d46111db62b8e60c49fad7cd0 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Fri, 3 Oct 2025 15:17:42 -0500 Subject: [PATCH 04/19] test: webhook throttle test commit 2 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 2cf8815ae..a27441026 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 1 +- Test webhook commit 2 ## Related Documentation From c533ebb2e65394ca6df5a03943140d1182a590aa Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Fri, 3 Oct 2025 15:18:23 -0500 Subject: [PATCH 05/19] test: webhook throttle test commit 3 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index a27441026..94d88c43b 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 2 +- Test webhook commit 3 ## Related Documentation From ff458a5107d3a692b9854f5a4d6f7218c21b08f2 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Fri, 3 Oct 2025 15:18:45 -0500 Subject: [PATCH 06/19] test: webhook throttle test commit 4 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 94d88c43b..b054d4c0e 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 3 +- Test webhook commit 4 ## Related Documentation From d04abc0c60615e96e3e08b94eb6c2ca31d098ac1 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Fri, 3 Oct 2025 15:24:13 -0500 Subject: [PATCH 07/19] test: webhook commit 5 - testing 5min timeout with running task --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index b054d4c0e..b508d4987 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 4 +- Test webhook commit 5 - testing 5min timeout with running task ## Related Documentation From a11aad883a2981a1f1014b6fe6580de1ecdc540d Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 09:23:50 -0500 Subject: [PATCH 08/19] test: webhook commit 6 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index b508d4987..d0e3058ae 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 5 - testing 5min timeout with running task +- Test webhook commit 6 ## Related Documentation From a57d035a1ac28c625aa5b5a3ee11dd5a75ad3a58 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 09:24:17 -0500 Subject: [PATCH 09/19] test: webhook commit 7 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index d0e3058ae..c7d26422f 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 6 +- Test webhook commit 7 ## Related Documentation From 6fa69243037876e690b60b1f9345f6302cf04150 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 10:08:03 -0500 Subject: [PATCH 10/19] test: webhook commit 8 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index c7d26422f..2f1387e9c 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 7 +- Test webhook commit 8 ## Related Documentation From 5922c946939cbaa3545d5340b8bb7e0f0235c287 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 10:08:25 -0500 Subject: [PATCH 11/19] test: webhook commit 9 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 2f1387e9c..6dce623f0 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 8 +- Test webhook commit 9 ## Related Documentation From cf6abc7736a7aea47f235e006bebfb17f6b07b1a Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 10:19:48 -0500 Subject: [PATCH 12/19] test: webhook commit 10 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 6dce623f0..c0f3a0318 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 9 +- Test webhook commit 10 ## Related Documentation From 6f1b0c56a4516044b9660bb68abce14cd7a8581b Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Mon, 6 Oct 2025 10:20:10 -0500 Subject: [PATCH 13/19] test: webhook commit 11 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index c0f3a0318..412c05ec5 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 10 +- Test webhook commit 11 ## Related Documentation From 4a963a1ee4c3a12bd47545156d4843b4f26ab9bc Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 10:12:41 -0500 Subject: [PATCH 14/19] test: webhook commit 12 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 412c05ec5..180fa9151 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 11 +- Test webhook commit 12 ## Related Documentation From 6a0fbdc4e9d4af34891b7265b0cc7a48b03ab21a Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 10:13:04 -0500 Subject: [PATCH 15/19] test: webhook commit 13 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 180fa9151..a6806e832 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 12 +- Test webhook commit 13 ## Related Documentation From 91530f9c00c2ceb062dd74f091e700941667e91e Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 11:04:58 -0500 Subject: [PATCH 16/19] test: webhook commit 14 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index a6806e832..747cf4d3a 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 13 +- Test webhook commit 14 ## Related Documentation From 39dbeee7248f59844e9463ee1e248158f9803d12 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 11:05:31 -0500 Subject: [PATCH 17/19] test: webhook commit 15 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 747cf4d3a..310cdfd51 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 14 +- Test webhook commit 15 ## Related Documentation From afa5eb996441ab9e43489931303175b92736589c Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 11:14:03 -0500 Subject: [PATCH 18/19] test: webhook commit 16 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 310cdfd51..105a5fa2a 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 15 +- Test webhook commit 16 ## Related Documentation From 1cfb8da25a59bbecf298e12f17f39a062ddf94f9 Mon Sep 17 00:00:00 2001 From: daniel-lxs Date: Tue, 7 Oct 2025 11:14:25 -0500 Subject: [PATCH 19/19] test: webhook commit 17 --- docs/mcp-certificate-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/mcp-certificate-trust.md b/docs/mcp-certificate-trust.md index 105a5fa2a..2b827c0cf 100644 --- a/docs/mcp-certificate-trust.md +++ b/docs/mcp-certificate-trust.md @@ -160,7 +160,7 @@ openssl s_client -connect hostname:port -CAfile /path/to/ca.pem - Certificate trust settings only apply to SSE and StreamableHTTP transports - STDIO transport servers do not use HTTPS and therefore don't need certificate configuration - The configuration requires Node.js environment; browser-based implementations may have different requirements -- Test webhook commit 16 +- Test webhook commit 17 ## Related Documentation