After upgrading from dfx 0.23 to 0.24.1 every call to the http_request endpoint fails with Response verification failed: Certification values not found error. This breaks our CI and makes it impossible to test our canisters locally.
Is this a bug, a regression, or something else? Will this change of behavior also impact our mainnet deployments?
Are you implementing the http_request endpoint yourself? In Rust or Motoko?
dfx start --pocketicis now compatible with--artificial-delayand thesubnet_typeconfiguration option, and enables--enable-canister-httpby default.
Maybe this is the change that caused the issue. @mraszyk, is certification required by default in the PocketIC HTTP Gateway?
yes, it is; to disable certification verification, the .raw. endpoints must be used
1 Like
Yes, we implement the http_request endpoint in Rust.
We call the local dfx http_request endpoint with the `http://127.0.0.1:DFX_WEBSERVER_PORT/?canisterId=CANISTER_ID" URL, how can we use the .raw. endpoint?
Is any change impacting our canister deployed on the IC mainnet?
You could consider adding certification to your http_request endpoint: Announcing the HTTP certification library for Rust - Developers / Rust - Internet Computer Developer Forum (dfinity.org).
This change doesn’t affect mainnet, it’s actually closer to mainnet behavior now than it was before.
Well, this is the current behavior when the http_request endpoint is called:
- mainnet: it replies with the expected data
- dfx 0.23: it replies with the expected data
- dfx 0.24: it returns an error
So, dfx 0.23 behaves as close to mainnet as possible while dfx 0.24 has a completely different behavior
On mainnet you need to use the raw endpoints to skip certification, but normal endpoints require it. Now that behavior is being reflected in DFX.
Do you mean that mainnet automatically certifies the http_request endpoint?
Certification, meaning the preparation of a certificate, needs to be done by the canister code, it’s not done automatically. The verification of the certificate is done automatically by the HTTP Gateway for the http_request endpoint on mainnet, but when you use a raw domain, this verification step is skipped.
Hi @NathanosDev ,
First of all, thank you so much for all the help you’ve provided.
I’m still feeling quite confused about this issue. You mentioned that “preparation of a certificate needs to be done by the canister code,” and that the gateway verifies the certificate’s validity. However, our canister code doesn’t prepare any certificate, yet it works on the mainnet. Could you help clarify this? I feel there’s a piece of the puzzle I might be missing.
Thank you again!
Could you share the URL to your canister?
Here is the public URL of our canister: https://testnet.bitfinity.network
you can test it with this call:
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc": "2.0", "method": "eth_blockNumber", "id":1}' 'https://testnet.bitfinity.network'
The very same call performed on a local dfx node succeeds with dfx 0.23 and fails with dfx 0.24.1
Maybe it works on mainnet because the domain is mapped to the .raw. endpoint, I have to verify it. If so, how can I call the raw endpoint on the local dfx node?
testnet.bitfinity.network is not a DFINITY run HTTP Gateway, so I don’t know how it has been implemented but it seems to not be following the same behavior.
If so, how can I call the raw endpoint on the local dfx node?
Can you try with ${CANISTER_ID}.raw.localhost:${DFX_WEBSERVER_PORT}?
1 Like
Great! It works! Thank you 