feat: add option to skip SSL verification

slhck · slhck · commit a50baf09af60 · 2025-06-04T21:31:58.000+02:00
diff --git a/README.md b/README.md
@@ -77,6 +77,7 @@ The Elasticsearch MCP Server supports configuration options to connect to your E
 | `ES_USERNAME` | Elasticsearch username for basic authentication | No |
 | `ES_PASSWORD` | Elasticsearch password for basic authentication | No |
 | `ES_CA_CERT` | Path to custom CA certificate for Elasticsearch SSL/TLS | No |
+| `ES_SSL_SKIP_VERIFY` | Set to '1' or 'true' to skip SSL certificate verification | No |
 | `ES_PATH_PREFIX` | Path prefix for Elasticsearch instance exposed at a non-root path | No |
 
 
diff --git a/index.ts b/index.ts
@@ -65,7 +65,12 @@ const ConfigSchema = z
       .string()
       .optional()
       .describe("Path to custom CA certificate for Elasticsearch"),
-    
+
+    sslSkipVerify: z
+      .boolean()
+      .optional()
+      .describe("Skip SSL certificate verification"),
+
     pathPrefix: z
       .string()
       .optional()
@@ -104,7 +109,7 @@ export async function createElasticsearchMcpServer(
   config: ElasticsearchConfig
 ) {
   const validatedConfig = ConfigSchema.parse(config);
-  const { url, apiKey, username, password, caCert, pathPrefix } = validatedConfig;
+  const { url, apiKey, username, password, caCert, sslSkipVerify, pathPrefix } = validatedConfig;
 
   const clientOptions: ClientOptions = {
     node: url,
@@ -127,10 +132,11 @@ export async function createElasticsearchMcpServer(
   }
 
   // Set up SSL/TLS certificate if provided
+  clientOptions.tls = {};
   if (caCert) {
     try {
       const ca = fs.readFileSync(caCert);
-      clientOptions.tls = { ca };
+      clientOptions.tls.ca = ca;
     } catch (error) {
       console.error(
         `Failed to read certificate file: ${
@@ -140,6 +146,11 @@ export async function createElasticsearchMcpServer(
     }
   }
 
+  // Skip verification if requested
+  if (sslSkipVerify) {
+    clientOptions.tls.rejectUnauthorized = false;
+  }
+
   const esClient = new Client(clientOptions);
 
   const server = new McpServer({
@@ -456,6 +467,7 @@ const config: ElasticsearchConfig = {
   username: process.env.ES_USERNAME || "",
   password: process.env.ES_PASSWORD || "",
   caCert: process.env.ES_CA_CERT || "",
+  sslSkipVerify: process.env.ES_SSL_SKIP_VERIFY === "1" || process.env.ES_SSL_SKIP_VERIFY === "true",
   pathPrefix: process.env.ES_PATH_PREFIX || "",
 };
 
