fix: Add explicit root TLS configuration to gRPC clients

.changelog/unreleased/bug-fixes/ibc-chain-registry/4160-explicit-rootls-config.md

@@ -0,0 +1,2 @@
+- add explicit root TLS configuration to gRPC clients
+ ([\#4160](https://github.com/informalsystems/hermes/issues/4160))

.changelog/unreleased/bug-fixes/ibc-relayer/4160-explicit-rootls-config.md

@@ -0,0 +1,2 @@
+- Add explicit root TLS configuration to gRPC clients
+ ([\#4160](https://github.com/informalsystems/hermes/issues/4160))

crates/chain-registry/src/querier.rs

@@ -13,6 +13,7 @@ use tendermint_rpc::HttpClientUrl;
 use tracing::{debug, info};
 
 use ibc_proto::cosmos::bank::v1beta1::query_client::QueryClient;
+use ibc_relayer::util::create_grpc_client;
 use ibc_relayer::HERMES_VERSION;
 use tendermint_rpc::{Client, Url};
 
@@ -159,7 +160,7 @@ impl QueryContext for GrpcHealthCheckQuerier {
 
  info!("Querying gRPC server at {tendermint_url}");
 
- QueryClient::connect(uri)
+ create_grpc_client(uri, QueryClient::new)
  .await
  .map_err(|_| RegistryError::unable_to_connect_with_grpc())?;
 

crates/relayer/src/chain/cosmos.rs

@@ -107,6 +107,7 @@ use crate::light_client::tendermint::LightClient as TmLightClient;
 use crate::light_client::{LightClient, Verified};
 use crate::misbehaviour::MisbehaviourEvidence;
 use crate::util::compat_mode::compat_mode_from_version;
+use crate::util::create_grpc_client;
 use crate::util::pretty::PrettySlice;
 use crate::util::pretty::{
  PrettyIdentifiedChannel, PrettyIdentifiedClientState, PrettyIdentifiedConnection,
@@ -374,13 +375,10 @@ impl CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_ccv_consumer_chain_params");
 
- let mut client = self
- .block_on(
- ibc_proto::interchain_security::ccv::consumer::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone()
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::interchain_security::ccv::consumer::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1228,13 +1226,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_clients");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::client::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::client::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1419,13 +1414,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_client_connections");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::connection::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::connection::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1465,13 +1457,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_connections");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::connection::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::connection::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1523,10 +1512,11 @@ impl ChainEndpoint for CosmosSdkChain {
  use ibc_proto::ibc::core::connection::v1 as connection;
  use tonic::IntoRequest;
 
- let mut client =
- connection::query_client::QueryClient::connect(chain.grpc_addr.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(
+ chain.grpc_addr.clone(),
+ connection::query_client::QueryClient::new,
+ )
+ .await?;
 
  client = client.max_decoding_message_size(
  chain.config().max_grpc_decoding_size.get_bytes() as usize,
@@ -1604,13 +1594,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_connection_channels");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1676,13 +1663,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_channels");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1800,13 +1784,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_channel_client_state");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -1871,17 +1852,15 @@ impl ChainEndpoint for CosmosSdkChain {
  crate::telemetry!(query, self.id(), "query_packet_commitments");
 
  let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
+ .block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))
  .map(|client| {
  client.max_decoding_message_size(
  self.config().max_grpc_decoding_size.get_bytes() as usize
  )
- })
- .map_err(Error::grpc_transport)?;
+ })?;
 
  if request.pagination.is_enabled() {
  let mut results = Vec::new();
@@ -2033,13 +2012,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_unreceived_packets");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -2109,17 +2085,15 @@ impl ChainEndpoint for CosmosSdkChain {
  }
 
  let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
+ .block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))
  .map(|client| {
  client.max_decoding_message_size(
  self.config().max_grpc_decoding_size.get_bytes() as usize
  )
- })
- .map_err(Error::grpc_transport)?;
+ })?;
 
  if request.pagination.is_enabled() {
  let mut results = Vec::new();
@@ -2229,13 +2203,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_unreceived_acknowledgements");
 
- let mut client = self
- .block_on(
- ibc_proto::ibc::core::channel::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::ibc::core::channel::v1::query_client::QueryClient::new,
+ ))?;
 
  client = client
  .max_decoding_message_size(self.config().max_grpc_decoding_size.get_bytes() as usize);
@@ -2570,12 +2541,10 @@ impl ChainEndpoint for CosmosSdkChain {
  );
  crate::telemetry!(query, self.id(), "query_consumer_chains");
 
- let mut client = self.block_on(
- ibc_proto::interchain_security::ccv::provider::v1::query_client::QueryClient::connect(
- self.grpc_addr.clone(),
- ),
- )
- .map_err(Error::grpc_transport)?;
+ let mut client = self.block_on(create_grpc_client(
+ self.grpc_addr.clone(),
+ ibc_proto::interchain_security::ccv::provider::v1::query_client::QueryClient::new,
+ ))?;
 
  let request = tonic::Request::new(
  ibc_proto::interchain_security::ccv::provider::v1::QueryConsumerChainsRequest {},

crates/relayer/src/chain/cosmos/query/account.rs

@@ -7,6 +7,7 @@ use tracing::info;
 use crate::chain::cosmos::types::account::Account;
 use crate::config::default::max_grpc_decoding_size;
 use crate::error::Error;
+use crate::util::create_grpc_client;
 
 /// Get a `&mut Account` from an `&mut Option<Account>` if it is `Some(Account)`.
 /// Otherwise query for the account information, update the `Option` to `Some`,
@@ -54,9 +55,7 @@ pub async fn query_account(
  grpc_address: &Uri,
  account_address: &str,
 ) -> Result<BaseAccount, Error> {
- let mut client = QueryClient::connect(grpc_address.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(grpc_address.clone(), QueryClient::new).await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 

crates/relayer/src/chain/cosmos/query/balance.rs

@@ -7,16 +7,15 @@ use ibc_proto::cosmos::bank::v1beta1::{
 use crate::account::Balance;
 use crate::config::default::max_grpc_decoding_size;
 use crate::error::Error;
+use crate::util::create_grpc_client;
 
 /// Uses the GRPC client to retrieve the account balance for a specific denom
 pub async fn query_balance(
  grpc_address: &Uri,
  account_address: &str,
  denom: &str,
 ) -> Result<Balance, Error> {
- let mut client = QueryClient::connect(grpc_address.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(grpc_address.clone(), QueryClient::new).await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 
@@ -47,9 +46,7 @@ pub async fn query_all_balances(
  grpc_address: &Uri,
  account_address: &str,
 ) -> Result<Vec<Balance>, Error> {
- let mut client = QueryClient::connect(grpc_address.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(grpc_address.clone(), QueryClient::new).await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 

crates/relayer/src/chain/cosmos/query/connection.rs

@@ -6,12 +6,11 @@ use ibc_proto::ibc::core::connection::v1::QueryConnectionParamsRequest;
 
 use crate::config::default::max_grpc_decoding_size;
 use crate::error::Error;
+use crate::util::create_grpc_client;
 
 /// Uses the GRPC client to retrieve the connection params
 pub async fn query_connection_params(grpc_address: &Uri) -> Result<Params, Error> {
- let mut client = QueryClient::connect(grpc_address.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(grpc_address.clone(), QueryClient::new).await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 

crates/relayer/src/chain/cosmos/query/consensus_state.rs

@@ -7,6 +7,7 @@ use crate::chain::requests::{QueryConsensusStateHeightsRequest, QueryConsensusSt
 use crate::config::default::max_grpc_decoding_size;
 use crate::consensus_state::AnyConsensusStateWithHeight;
 use crate::error::Error;
+use crate::util::create_grpc_client;
 use crate::util::pretty::{PrettyConsensusStateWithHeight, PrettyHeight};
 
 /// Performs a `QueryConsensusStateHeightsRequest` gRPC query to fetch all the consensus state
@@ -36,10 +37,11 @@ pub async fn query_consensus_state_heights(
  .contains("unknown method ConsensusStateHeights")
  }
 
- let mut client =
- ibc_proto::ibc::core::client::v1::query_client::QueryClient::connect(grpc_addr.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(
+ grpc_addr.clone(),
+ ibc_proto::ibc::core::client::v1::query_client::QueryClient::new,
+ )
+ .await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 
@@ -105,10 +107,11 @@ pub async fn query_consensus_states(
  }
  );
 
- let mut client =
- ibc_proto::ibc::core::client::v1::query_client::QueryClient::connect(grpc_addr.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(
+ grpc_addr.clone(),
+ ibc_proto::ibc::core::client::v1::query_client::QueryClient::new,
+ )
+ .await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);
 

crates/relayer/src/chain/cosmos/query/denom_trace.rs

@@ -7,12 +7,11 @@ use ibc_proto::ibc::applications::transfer::v1::{
 use crate::config::default::max_grpc_decoding_size;
 use crate::denom::DenomTrace;
 use crate::error::Error;
+use crate::util::create_grpc_client;
 
 // Uses the GRPC client to retrieve the denom trace for a specific hash
 pub async fn query_denom_trace(grpc_address: &Uri, hash: &str) -> Result<DenomTrace, Error> {
- let mut client = QueryClient::connect(grpc_address.clone())
- .await
- .map_err(Error::grpc_transport)?;
+ let mut client = create_grpc_client(grpc_address.clone(), QueryClient::new).await?;
 
  client = client.max_decoding_message_size(max_grpc_decoding_size().get_bytes() as usize);