Description
Feature Area
Core functionality
Is your feature request related to an existing bug? Please link it here.
Summary
MCPServerHTTP does not expose an SSL verification option (verify parameter), making it impossible to disable certificate validation when connecting to MCP servers behind corporate proxies or with self-signed certificates.
Problem
When integrating CrewAI agents with enterprise MCP services (e.g., Snowflake MCP Server) through corporate networks, SSL certificate validation errors occur due to:
- Corporate proxy/firewall intercepting HTTPS traffic with self-signed certificates
- Internal certificate authorities not in the default trust store
- Development/staging environments with self-signed certs
Error encountered:
```
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
```
Currently, users cannot disable SSL verification without directly modifying the underlying mcp package source files.
Reproduction Steps
```python
from crewai import Agent
from crewai.mcp import MCPServerHTTP

support_agent = Agent(
    role="Customer Support Agent",
    goal="Analyze customer support cases from Snowflake",
    mcps=[
        MCPServerHTTP(
            url="https://-.snowflakecomputing.com/api/v2/cortex/mcp",
            headers={"Authorization": "Bearer <PAT_TOKEN>"},
            streamable=False,
        )
    ],
)
```
Running this behind a corporate proxy results in SSL certificate verification failure.
Current Workaround (Not Recommended)
Manually editing the installed mcp package at .venv/lib/python3.x/site-packages/mcp/shared/_httpx_utils.py:
Line 83, change from:
```python
return httpx.AsyncClient(**kwargs)
```
To:
```python
return httpx.AsyncClient(verify=False, **kwargs)
```
This workaround is lost on package reinstall/upgrade.
Proposed Solution
Add a verify parameter to MCPServerHTTP (and MCPServerSSE):
```python
MCPServerHTTP(
    url="https://...",
    headers={"Authorization": "Bearer ..."},
    streamable=False,
    verify=False,  # NEW - disable SSL verification
)
```
This parameter should be propagated to the underlying mcp library's HTTP client factory.
Use Case
Enterprise users connecting CrewAI agents to:
- Snowflake MCP Server
- Databricks MCP endpoints
- Internal/private MCP servers
- Any MCP server behind corporate proxies with SSL inspection
Environment
- crewai version: 1.7.0
- mcp version: 1.16.0
- Python version: 3.13
- OS: macOS
Additional Context
- The underlying mcp package uses httpx, which natively supports the verify parameter
- This is a common requirement for enterprise deployments
- Similar parameters exist in other HTTP client integrations (requests, aiohttp, etc.)
Describe the solution you'd like
Add a verify parameter to MCPServerHTTP (and MCPServerSSE):
```python
MCPServerHTTP(
    url="https://...",
    headers={"Authorization": "Bearer ..."},
    streamable=False,
    verify=False,  # NEW - disable SSL verification
)
```
This parameter should be propagated to the underlying mcp library's HTTP client factory.
Describe alternatives you've considered
No response
Additional context
No response
Willingness to Contribute
Yes, I'd be happy to submit a pull request
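An added example, not part of the issue and not CrewAI or mcp code: the `unable to get local issuer certificate` error for an internal CA or an inspecting proxy can be resolved by trusting that CA instead of switching verification off. The hypothetical `resolve_verify` helper below sketches the values a `verify` option could accept, using only the standard library; httpx accepts an `ssl.SSLContext` as its `verify` argument, and the option semantics here are an assumption.

```python
import ssl
import warnings
from pathlib import Path
from typing import Union

# Hypothetical option type for a `verify` parameter (assumption, not CrewAI's API).
VerifyOption = Union[bool, str, Path, ssl.SSLContext]


def resolve_verify(verify: VerifyOption = True) -> ssl.SSLContext:
    """Turn a `verify` option into an ssl.SSLContext.

    True        -> system trust store, hostname checking on
    str / Path  -> system trust store plus the given PEM CA bundle
    SSLContext  -> used exactly as supplied by the caller
    False       -> no certificate or hostname checks (emits a warning)
    """
    if isinstance(verify, ssl.SSLContext):
        return verify

    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True

    if verify is True:
        return ctx

    if verify is False:
        warnings.warn(
            "TLS verification disabled: the server identity is not checked "
            "and bearer tokens in request headers are exposed to any "
            "on-path party.",
            RuntimeWarning,
            stacklevel=2,
        )
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

    bundle = Path(verify)
    if not bundle.is_file():
        raise FileNotFoundError(f"CA bundle not found: {bundle}")
    # Adds the internal / proxy CA on top of the default roots, so both
    # inspected and non-inspected endpoints keep validating.
    ctx.load_verify_locations(cafile=str(bundle))
    return ctx
```

The returned context can be handed to `httpx.AsyncClient(verify=ctx)`; the PEM file would be the corporate root CA exported from the proxy or internal PKI.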