Skip to content

Commit 8a2dfbf

Browse files
committed
Mention the SSL_CERT_FILE remedy and update stale HTTPX docstrings
The TLS notes now cover the zero-code SSL_CERT_FILE/SSL_CERT_DIR route httpx2 honors before falling back to the system trust store, and warn that verify="ca.pem" and cert= are deprecated there. A handful of docstrings still branded the client HTTPX; they now say httpx2. No-Verification-Needed: docstring- and documentation-only change
1 parent 2c901e8 commit 8a2dfbf

6 files changed

Lines changed: 17 additions & 12 deletions

File tree

docs/client/transports.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -56,8 +56,9 @@ Two things to notice:
5656

5757
One TLS note: `httpx2` verifies certificates against the operating system trust store (via
5858
[`truststore`](https://pypi.org/project/truststore/)), not a bundled CA list. In an environment with
59-
no usable system CA store - some minimal containers - pass an explicit `verify=ssl_context` to your
60-
`httpx2.AsyncClient` (background in
59+
no usable system CA store — some minimal containers — set the standard `SSL_CERT_FILE`/`SSL_CERT_DIR`
60+
environment variables or pass an explicit `verify=ssl_context` to your `httpx2.AsyncClient`
61+
(background in
6162
[`httpx` and `httpx-sse` replaced by `httpx2`](../migration.md#httpx-and-httpx-sse-replaced-by-httpx2)).
6263

6364
!!! warning

docs/migration.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -99,8 +99,8 @@ The SDK now depends on [`httpx2`](https://pypi.org/project/httpx2/) instead of
9999
`httpx`) with server-sent events support built in, so the separate `httpx-sse`
100100
dependency is gone.
101101

102-
The swap itself does not change any SDK signatures - `streamable_http_client`
103-
and `sse_client` accept the same arguments as elsewhere in v2 - but the client
102+
The swap itself does not change any SDK signatures `streamable_http_client`
103+
and `sse_client` accept the same arguments as elsewhere in v2 but the client
104104
type they expect is now `httpx2.AsyncClient`. If you construct your own client to pass as
105105
`http_client` (or build an `httpx2.Auth` subclass for `auth`), import from
106106
`httpx2`:
@@ -129,8 +129,12 @@ TLS verification also changes: `httpx` validated certificates against the
129129
bundled `certifi` CA list, while `httpx2` validates against the operating
130130
system trust store via [`truststore`](https://pypi.org/project/truststore/).
131131
If your environment has no usable system CA store (some minimal containers),
132-
or you relied on certifi's bundle specifically, pass an explicit
133-
`verify=ssl_context` to your `httpx2.AsyncClient`.
132+
or you relied on certifi's bundle specifically, point the standard
133+
`SSL_CERT_FILE` or `SSL_CERT_DIR` environment variable at a CA bundle —
134+
`httpx2` honors these before falling back to the system store — or pass an
135+
explicit `verify=ssl_context` to your `httpx2.AsyncClient`. Passing a CA
136+
bundle path as `verify="ca.pem"` or using the `cert=` parameter is deprecated
137+
in `httpx2`; build an `ssl.SSLContext` and configure it instead.
134138

135139
### `mcp dev` and `mcp install` pin the spawned environment to your SDK version
136140

src/mcp/client/auth/__init__.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
"""OAuth2 Authentication implementation for HTTPX.
1+
"""OAuth2 Authentication implementation for httpx2.
22
33
Implements authorization code flow with PKCE and automatic token refresh.
44
"""

src/mcp/client/auth/oauth2.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
"""OAuth2 Authentication implementation for HTTPX.
1+
"""OAuth2 Authentication implementation for httpx2.
22
33
Implements authorization code flow with PKCE and automatic token refresh.
44
"""
@@ -528,7 +528,7 @@ async def _validate_resource_match(self, prm: ProtectedResourceMetadata) -> None
528528
raise OAuthFlowError(f"Protected resource {prm_resource} does not match expected {default_resource}")
529529

530530
async def async_auth_flow(self, request: httpx2.Request) -> AsyncGenerator[httpx2.Request, httpx2.Response]:
531-
"""HTTPX auth flow integration."""
531+
"""httpx2 auth flow integration."""
532532
async with self.context.lock:
533533
if not self._initialized:
534534
await self._initialize()

src/mcp/client/sse.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,8 +47,8 @@ async def sse_client(
4747
headers: Optional headers to include in requests.
4848
timeout: HTTP timeout for regular operations (in seconds).
4949
sse_read_timeout: Timeout for SSE read operations (in seconds).
50-
httpx_client_factory: Factory function for creating the HTTPX client.
51-
auth: Optional HTTPX authentication handler.
50+
httpx_client_factory: Factory function for creating the httpx2 client.
51+
auth: Optional httpx2 authentication handler.
5252
on_session_created: Optional callback invoked with the session ID when received.
5353
"""
5454
logger.debug(f"Connecting to SSE endpoint: {remove_request_params(url)}")

src/mcp/server/extension.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
interceptor. The server never hands itself to an extension; the extension
88
declares what it adds, and the server consumes it.
99
10-
The shape follows the HTTPX `Transport`/`Auth` pattern: a narrow base class whose
10+
The shape follows the httpx2 `Transport`/`Auth` pattern: a narrow base class whose
1111
methods have sensible defaults, so an extension overrides only what it needs. A
1212
purely additive extension (Apps) overrides `tools`/`resources`; an interceptive
1313
one overrides `methods`/`intercept_tool_call`.

0 commit comments

Comments
 (0)