error on failed fetch from w3.org

[arpentnoir]

our verifier is throwing this error looks like w3.org ssl certificate has expired, so the fetch to preload contexts fails (and is not handled).

{
    "errorType": "Runtime.UnhandledPromiseRejection",
    "errorMessage": "FetchError: request to https://www.w3.org/2018/credentials/examples/v1 failed, reason: certificate has expired",
    "reason": {
        "errorType": "FetchError",
        "errorMessage": "request to https://www.w3.org/2018/credentials/examples/v1 failed, reason: certificate has expired",
        "code": "CERT_HAS_EXPIRED",
        "message": "request to https://www.w3.org/2018/credentials/examples/v1 failed, reason: certificate has expired",
        "type": "system",
        "errno": "CERT_HAS_EXPIRED",
        "stack": [
            "FetchError: request to https://www.w3.org/2018/credentials/examples/v1 failed, reason: certificate has expired",
            "    at ClientRequest.<anonymous> (/var/task/node_modules/node-fetch/lib/index.js:1461:11)",
            "    at ClientRequest.emit (events.js:314:20)",
            "    at ClientRequest.EventEmitter.emit (domain.js:483:12)",
            "    at TLSSocket.socketErrorListener (_http_client.js:427:9)",
            "    at TLSSocket.emit (events.js:314:20)",
            "    at TLSSocket.EventEmitter.emit (domain.js:483:12)",
            "    at emitErrorNT (internal/streams/destroy.js:92:8)",
            "    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)",
            "    at processTicksAndRejections (internal/process/task_queues.js:84:21)"
        ]
    },
    "promise": {},
    "stack": [
        "Runtime.UnhandledPromiseRejection: FetchError: request to https://www.w3.org/2018/credentials/examples/v1 failed, reason: certificate has expired",
        "    at process.<anonymous> (/var/runtime/index.js:35:15)",
        "    at process.emit (events.js:326:22)",
        "    at process.EventEmitter.emit (domain.js:483:12)",
        "    at processPromiseRejections (internal/process/promises.js:209:33)",
        "    at processTicksAndRejections (internal/process/task_queues.js:98:32)"
    ]
}

is it possible to pull these dependencies back to build time? - so that runtime does not depend on those resources

[Nebulis]

You are using oa v3 ?

We could but I don't know how often the file changes, so it could have an impact :thinking:

[arpentnoir]

You are using oa v3 ?

not yet, the error stems from this import statement

const { verificationBuilder, isValid, openAttestationVerifiers } = require('@govtechsg/oa-verify');

[Nebulis]

try to upgrade, I fixed this issue some times ago:

- I added a small cache to pre-load some contexts because it's slow
- later I realised that when you used v2 only it was downloading those files
- now download happens only at first v3 verification

[arpentnoir]

@Nebulis what do you think about optionally providing alternative location for those schemas provided via environment variable? then an async process decoupled from the validator itself could keep the schemas up to date and we can know at any time that our local cache won't fail. In our case, where we have a verifier api running on lambda, in memory caching doesn't work for long.

happy to raise PR if you're ok with the approach in principle.

[Nebulis]

You upgraded and it didn't help ?

I prefer a proxy-based solution. or inversion of control (i.e. you inject your own fetch)

[arpentnoir]

we did upgrade, and looks ok for now - but by the time we upgraded w3 had fixed their cert. we're about to start looking at v3 though so thinking more about preventing future issues

[Nebulis]

Ok sure, I will close this issue then. If you want to raise a PR to address what we discussed above feel free.

You can open a github discussion if you want more support on the matter