From 99e53a61a996fdd24d1fc4340f2b3faefb28eae2 Mon Sep 17 00:00:00 2001
From: Jordan Oroshiba
Date: Fri, 5 Apr 2024 09:51:06 -0700
Subject: [PATCH] fix(conductor): enable tls for grpc connections (#925)

## Summary Added a couple of tonic features to conductor so it can use tls and http2 correctly. ## Background When connecting over an https http2 (h2) connection conductor would get errors stating `http2 error: connection error detected: frame with invalid size, connection error detected: frame with invalid size`. Tonic wasn't using tls because it wasn't turned on. Adding these two features allows "native" certs for client to be used by default and uses tls and http2 correctly when making client requests. ## Changes - enabled `tls` and `tls-roots` features on tonic in conductor ## Testing Ran conductor locally against dusk-4 network. Additionally ran local smoke test using the newly built image which confirmed still works over non https urls.
---
 Cargo.lock | 4 ++++
 crates/astria-conductor/Cargo.toml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index b0cab0c86b..745a459740 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7812,7 +7812,11 @@ dependencies = [
 "percent-encoding",
 "pin-project",
 "prost",
+ "rustls",
+ "rustls-native-certs",
+ "rustls-pemfile",
 "tokio",
+ "tokio-rustls",
 "tokio-stream",
 "tower",
 "tower-layer",
diff --git a/crates/astria-conductor/Cargo.toml b/crates/astria-conductor/Cargo.toml
index 3c5b5aabcd..fbdb05bdc7 100644
--- a/crates/astria-conductor/Cargo.toml
+++ b/crates/astria-conductor/Cargo.toml
@@ -42,7 +42,7 @@ sha2 = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["macros", "rt-multi-thread", "signal"] }
 tokio-util = { workspace = true, features = ["rt"] }
-tonic = { workspace = true }
+tonic = { workspace = true, features = ["tls", "tls-roots"] }
 tracing = { workspace = true, features = ["valuable"] }
 tryhard = { workspace = true }
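Review bot: The new `tonic` line in crates/astria-conductor/Cargo.toml enables `tls-roots` without recording what that means for trust: going by the `rustls-native-certs` entry added to Cargo.lock, server certificates are now verified against the host's certificate store. The description says the built image was only smoke-tested over non-https URLs, so it is worth confirming that the runtime image ships a CA bundle; with an empty store every https gRPC connection would presumably fail certificate verification. I would add a comment above the dependency, e.g. `# tls + tls-roots: required for https gRPC endpoints; server certs are verified against the OS trust store`. If other crates in the workspace also dial gRPC endpoints through tonic, they may need the same features when built on their own.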