How to debug "Body does not pass verification"?

Hey there!

I’m testing a custom certified assets canister. Something doesn’t work, and I don’t know how to debug it.
Here is the canister

Console says “Witness != tree …” which is understandable, but I’m not even able to print these values and investigate them in order to understand what exactly is wrong with the tree.

Please, send help.

1 Like

I was able to resolve the issue, so the canister now is working as expected.

But the question stays the same.

Hello @senior.joinu.

I’m sorry to hear about your difficulties in debugging the certification in your custom asset canister. I’ve also had this issue, so to work around it I’ve been working on a canister API desktop client that will be able to make requests to your canister and allow you to investigate the headers that are being returned. It’s not quite ready yet, but in the next days I could send it over for you to try out if you want.

In the meantime, you can always make the request yourself with DFX. If you create a file called asset_canister.did, add the following content:

type HeaderField = record { text; text; };

type HttpRequest = record {
  method: text;
  url: text;
  headers: vec HeaderField;
  body: blob;

type HttpResponse = record {
  status_code: nat16;
  headers: vec HeaderField;
  body: blob;
  upgrade : opt bool;
  streaming_strategy: opt StreamingStrategy;

type Token = variant {
  "type": reserved;

type StreamingCallbackHttpResponse = record {
  body: blob;
  token: opt Token;

type StreamingStrategy = variant {
  Callback: record {
    callback: func (Token) -> (opt StreamingCallbackHttpResponse) query;
    token: Token;

service : {
  http_request: (request: HttpRequest) -> (HttpResponse) query;
  http_request_update: (request: HttpRequest) -> (HttpResponse);

If you have the DID file for your own canister handy then you can also just use that.

And then use the following DFX command, replacing the canister ID with the ID of your own canister:

dfx canister call jx5yt-yyaaa-aaaal-abzbq-cai http_request '(record {url = "/"; method = "GET"; body = vec {}; headers = vec {}})' --network --candid ./asset_canister.did

In the response you will be able to find the IC-Certificate header, which is formatted like this: certificate=:${certificate_value}:, tree=:${tree_value}:. If you need further assistance on how to decode that header just let me know.


This is exactly what I needed. Completely forgot we have dfx :slight_smile:

Thanks a lot!