chore(authn): test Redis authn via ssl connection

.ci/docker-compose-file/Makefile.local

@@ -22,6 +22,7 @@ up:
 		-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
+		-f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \
 		up -d --build
 
 down:
@@ -31,6 +32,7 @@ down:
 		-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
+		-f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \
 		down
 
 ct:

.ci/docker-compose-file/docker-compose-redis-single-tls.yaml

@@ -1,13 +1,15 @@
 version: '3.9'
 
 services:
-  redis_server:
-    container_name: redis
+  redis_server_tls:
+    container_name: redis-tls
     image: redis:${REDIS_TAG}
     volumes:
-      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt
-      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt
-      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key
+      - ./redis/certs/server.crt:/etc/certs/redis.crt
+      - ./redis/certs/server.key:/etc/certs/redis.key
+      - ./redis/certs/ca.crt:/etc/certs/ca.crt
+    ports:
+      - "6380:6380"
     command:
       - redis-server
       - "--bind 0.0.0.0 ::"
@@ -16,6 +18,8 @@ services:
       - --tls-cert-file /etc/certs/redis.crt
       - --tls-key-file /etc/certs/redis.key
       - --tls-ca-cert-file /etc/certs/ca.crt
+      - --tls-protocols "TLSv1.3"
+      - --tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256"
     restart: always
     networks:
-      - emqx_bridge
+      emqx_bridge:

.ci/docker-compose-file/redis/certs/ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
+ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx
+MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
+MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q
+XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD
+yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0
+Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf
+XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg
+UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co
+/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O
+x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki
++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs
+/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf
+weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg
+VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl
+4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ
+KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX
+RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW
+whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO
+JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5
+Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh
+AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD
+wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB
+LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ
+/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk
+UElFARdXALiZWg==
+-----END CERTIFICATE-----

.ci/docker-compose-file/redis/certs/ca.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxcc3Ar
+iAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gtmCdZ
+ZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/QgpW
+oR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yrgTO4
+HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMAUoDE
+B6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10hQDC
+K/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfbJ4by
+0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpczyTA
+9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3nFbyE
+t0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8HgPN1s
+/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcCAwEA
+AQKCAgEAnVNQg2Cgth8E1ixTJWosZlvmFHgNKyypb7cAAYb0Yy4NWsrn2CY4K+uI
+xGsOjKvcO+5n8hXF90e5Dya1CJPbDwm0SZAvlwu45UBN183E9ZT+5MpmoGRYM7mF
+CeYRNB1goVgfGAAaYi3FGAITu4tn/BOdjfrXw7muYkUaoWJJwz8kWRNEzCSspXzp
+bgoHfVC+vP97E8XtHTpT4JDReNoOSA5d2ZoGkLOUL3qUomfIYDc8aPvtVBl9A8uy
+cP8gPQXrZP8/3SIyNQAQ9Eh2CyLIVfb54Xc2nm6WEKd03a8OyieaPu+mJ1kItoCD
+mHqEFycTl0urdHuEl5uNwfWlVM8gfMrKeI7qLFIRNInuQrl3aEP1wfLdBowxTdIA
+GOk7Ab8ObE1zW52jjUVE08/UZeFoMfqn7jL4ViiARk01UsDKuwXj4M1HQnrrfePn
+2Y4G7fiDgdwU+GjvUS+cg9f/cI6ADKi6nxhwAUIyyVY0+OvN76BiNGyKeGE5IjL+
+MLIOY5PKs/YakGBhYfAOAlqlO0LCRPPqkVqoD6ekvQBgopmE2tNhVqlB1WA2sU5I
+Ef8RxAWS1WIjGlA0131U5Z4Z0oyIEyG2Zs5i32RFjUmpKevyEV/aLICHvis1rDdD
+pdX+ici7ZwSVZZHtkDyu7mH4kmkhKp77oKMcHiRdDzxGvIBM7kECggEBAP4siFF6
+qBej5A4CRld+7BY+I4HjKWRy3lNwFaPECaGsrWnyp+7eoQimNZshXBN6lV5MNbIb
+b5JgiASA9Wny6JztBk1OVvxFGRrDK1HysHa6XRwA3JnsfYQV0Jzlf+KeDcA9ldBc
+yWZ1X3lHt1AKrpAinAsobnMCIy5v00H2ccS3mlOpfli/l79RO5Dc8pG7Ht4PZuvr
+ROamNi7DAk1qpA1fkblPyoH8GlGsWmeLtuC7533QtcXrSczArpbM+/sBb2eHojbe
+bo4mdDapeXBHqbc36JJ/6p4MNvBQUVa19OIGWms+xV6iXYkg1MsahT4rhfH5XaE1
+P6RHm5U3uwkN+A8CggEBAN9Tvz34t/b06ujWhT3Qz1PgnlwPj0bvE3srMzJw9fn6
+Vo6xVFwduhpsFE8jb+q98bNb96rtk3qGZ6TegwFMZa4Hv3zDgov3eqCaAg46P9fg
+A7UK6rXgBwqR8lbqEu6tq2WErniRTOIBwSSBARqM2a3YZczmqQC3EAUPSMps2Gdg
+i0Tr3QpPANrPUP3TL5FaZQacRjl23dO2FTpo9xPEMhMO5IS8CMSOshp/FAhFTCRV
+geYOQaNAmGOJe5ZlM5ctRnlZLTE0+Tl8flZQoGjlZs2dzRDU/OlrKgYcXkBMsy1J
+nijYkCmU4BlskaoHuhUT4ScOnYj88+WQ/1ezAneMizkCggEBAPDs81YQZs7pud0R
+iO2c0FoREoUm9vBQ9a6vWsO9qceHL2Vy7n28p3XUXpGqYGXSV01n/anS2cItICDs
+wDNqXdWJ0uRqMoezU6WLhD+MRHp2EpXdtz1r7lnKd9CQtdTwLmafuacknH8zGImU
+Ug1b4rWbKMBm1bLMPt7gfqZS3OozguR0j9+91DAz5rtcw80hSpQAk3VisA/VUxym
+GkOZpuFKSo4WNQVbGvN55MOrqnCBjF80+2gcq/qaVaN5sAvwA1JmPXu3AaJajuPV
+ZtfoBdY294wOFi0ztMu7xi3kEbhBf2mSuXEHhJPb+/h9LfmNNcz0qyyIlce5XJ9n
+kTF2/T8CggEARmRORklMKxIdrRBY5RgZEXYeVCQvZAtdV5hRRdfnIEjw2X85eOOB
+0mw4po0j7Ji8Q218jireLmOI7aWZI2KiNg2JJNk3H8j8pPyGI1fm4bNhV8I+It+f
+OIyyFwUmvIaPHKuKlsQtuJsW9tuWrniw8CPiSoh1wpzw9rdPmUZfm44Jt8qkXGh0
+e4OXIrpbJvSYHVJKrDg0SVP+Mu/82QUhR3KNQu1F0jasGr/tX4IAMv+ktw/NTpjA
+r7cY9lmlvkPuD7e1D+qDl8QOykQVm5qbIbpYdbK8mRJHJ6/vYVMLsv2eVX+VSRX8
+4OagrzhKRfSDJl1r+E7KzZQ7d7gb0fTBuQKCAQA8+59lX2HcJicx/YEs7aBbLb2d
+tqIrMG/cj96DLIRFXeAoOjCD8X2xZYNAA5WqY1TiziTLDFbBsqAMig8KwMYNb8br
+fWfvUpuW2cGFbiw5VmGbJOnf8OOqYwsKZ02RPQuJGDBVBHDYurS1/WEg772+HbL5
+sO4rdsaSBcZSk9pt1+ERsxuDDCfzQkG2mz9pBjJua7b0N6U7CfJQvM8nsxef5y78
+xEkd+PuVfmerHl3TYLdOsvhIzi81lXaqodhbReBqtXkbxeMPd18wgMx4Aav1OX3q
+C+z1y2JsaF9ZiAU7uMkoWzBrccF6b2lIZmZ6MKxEHl9QTcEfsPElaXEXqKXS
+-----END RSA PRIVATE KEY-----

.ci/docker-compose-file/redis/certs/client.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
+BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe
+Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz
+IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP
+g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D
+zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn
+qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN
+IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa
+BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG
+CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT
+nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY
+zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc
+frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr
+mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn
+HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z
+odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5
+MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3
+oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT
+y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J
+nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr
+R5q5VPKvniiw0/HiJNbNG0ZHDCU=
+-----END CERTIFICATE-----

.ci/docker-compose-file/redis/certs/client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI
++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON
+TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8
+SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At
+T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa
+DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT
+gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH
+Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L
+Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm
+6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U
+O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD
+RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE
+dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb
+QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75
+ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk
+xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh
+MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO
+PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U
+0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h
+tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0
+dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL
+L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP
+7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU
+eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU
+l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM
+-----END RSA PRIVATE KEY-----

.ci/docker-compose-file/redis/certs/server.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAeugAwIBAgIJAJ1b1eCyPY+jMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
+BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe
+Fw0yMTEyMjIxNTU5NDlaFw0yMjEyMjIxNTU5NDlaMCkxEzARBgNVBAoMClJlZGlz
+IFRlc3QxEjAQBgNVBAMMCXJlZGlzLXRsczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALteJrJx6zRKM2Yky5HKKS9VxgOieD/W48xR/G4rY/ecltHGtH6d
+kER04+UdbHJ9XB0vhc7uU8yF94D4JChT6AtYqNGtFIlsrYGs9XrIBWJDYYQBr7Vh
+m63FmOTp8Q/1ij8kVLcWjM92ZfL5TV5JLSl/qirVQyxp3ioudsKG+D2/kr4uyh1D
+gqgnmdio5XZ5RCIPqb58ECK87vXYewUTn1I7f/g2uok1HGFAQVDX29vUX0pY9msu
+6RXogtjmbGGc40kNYCwX8FlXfyDhvwl8PLxOrNw38a/VJMa8q5E0l11z16v3Fc3I
+ixzwwQ9+T43Bg4W0OIFOlDFekRAx8S5NsAcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg
+MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAhQ+gAOf6n8xA
+S/N1Bt6T3B0smlODozPoZeAUuiIhZyKN3ZzJHAj41JB+Zs7PTwdQQC5MI/o10Bh+
+RmOvejTBpxSrB1OucdUvS0xOz2XASLRlnoL8MDX9dSw40QJsSOXfUZ6tJXwqN8wo
+hAp1j5ogigmVSHzyxiKwfx0ULH+DWp9GuPyyfaJKeAPcbWejg2us+1sGLwbcg9+j
+9QL3IaEF+Uv5BeFmWKe48irgBknJh1vesPQ4wzd63/ko96yLFFy7/celZP46YqyF
+nulgqHc5HwlfxnLLjvP14han8FjEkfcLUyLwp+BNh5OcDahPVYFaQLBFygVujs+D
+005Hqm1GdsNf7ImubNIgIjETlOO7jmAtMJnaQasFbSk4vf9BaUulb0RoqQs5Vjbm
+T3jVfhRvKi+cATEM64zzVSNjVi5Nxa1urrYLAqv5VQCWl3stJl+2qCA1mgQ+J02k
+8KIY8lfP6YcXEzuimecvhOzKhB1ccD7kWJqk4ErHpkTB+m7JqkH7+9DA7wN+0m1Q
+bvAOlNV7inEyT3q9Wx+mQOVuipvk96iu/2Y1eMiyDuziFqJKgEwdr8ECldeLsVXY
+FkWe+BLwMzc5IW+WZmVPIyyv7MefZhGic9SBPtjk/TejqBASp5er5iFI75LCshwJ
+65Ph7RUKOkxNlslxjzZkVYpCP+NY+yU=
+-----END CERTIFICATE-----

.ci/docker-compose-file/redis/certs/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAu14msnHrNEozZiTLkcopL1XGA6J4P9bjzFH8bitj95yW0ca0
+fp2QRHTj5R1scn1cHS+Fzu5TzIX3gPgkKFPoC1io0a0UiWytgaz1esgFYkNhhAGv
+tWGbrcWY5OnxD/WKPyRUtxaMz3Zl8vlNXkktKX+qKtVDLGneKi52wob4Pb+Svi7K
+HUOCqCeZ2KjldnlEIg+pvnwQIrzu9dh7BROfUjt/+Da6iTUcYUBBUNfb29RfSlj2
+ay7pFeiC2OZsYZzjSQ1gLBfwWVd/IOG/CXw8vE6s3Dfxr9UkxryrkTSXXXPXq/cV
+zciLHPDBD35PjcGDhbQ4gU6UMV6REDHxLk2wBwIDAQABAoIBAQCKv47iZ6+n+iaT
+xj2lSVI0Rk0rFd38UFJCVJgcsS8HBsM8tuukM2PI/dJhMOfE5IYY6r8o3J3bf30n
+2RlVb8UO2emx03y4w2y88WqbMJGkEYed7G3EYHKbPQ8avQ6RJd/pICtHpYBChUe7
+pNehMYkrCOnnbCOhOQiWre+t36rmdbmD8ZAR4k85iu03lSX53ONJBC1Ivat1J43e
+8xfLhQNGaIdidFSzitExTx3TnPhiF9cIs0G4Nkh14E0cEqWLwP7FrRr+FoBr0tbG
+bJ0wvrBbNCIkWGOm694vPZzhkz6wEm5VnsE7DCZ8g2YZ9Sq9iEV00HGDaE4r0rhp
+cN4YLmqZAoGBANs3LGN4ADuZbv42e6DzQpI+WVCeE097SU7VwW7KmqBgPpqZWpgj
+rjiXHKwB2BHNH/TnN7TNC4OrSznkJaa71urebkW86BQfQQgevtTKZDbEqsQaQYNS
+9PGWbWTaMuoiQzc7KshHwrp7ZUXIPlSRhG+KzQgM2yo+NUG7Sv+NOmpLAoGBANrO
+5XkQPMSGDmFfuzQtBsgOMycOkyF0x7gU5ujfTQkIuVyMWPif7Gh92Gim7HDQpLjK
+qmipIEO5bdo6HXCLUQLB1rFXA69VymLPHrkz/ZsN/N6yHSDcdX3p2lRNXoEewzCb
+A2PlUC3F6pt24FSwGtEuvacBa5qVoEJpkWmbu/u1AoGAYSBP9X5ctAtmRxICsqw1
+SbCASBzRt3yLXXeN7bWszvP1qO/bWN8uOPqTBI8ImdKFny+22c+jk2IYwXyZRgeh
+0Ixe1V0+gnPaj2t357YIss9uTdbIQhRGXKfmrjGTL3Ogzl7TtMs+tvsnQsTXAQc8
+Y2NfNnrjvBK16/q83v9G64MCgYA6+YjgGIBId9loZWUPqxMo2Krw2/zMB63M79VM
+7uLUjIVpbGqOmIwfncu2aUdRIOtE41sK2orXtiLlrsRAkUxEcfpr0ggsOfNSroCZ
+amnwYNTHMTqooMMKLP2ruy69noz9jMpdInF55N5XCLNuIAkaWH7FhJx8DdgkDlAj
+JtaEAQKBgDrtbLhP8+4+N9QVH+KGl/mBR8mEKKkQ1nboovsvu+HAjhUey7LYgZUW
+HVY3HPqYlpHDDHWBd2w3yhHpR9zL0153LugPkNdm55463B+TwUK+MQmPc/elmrxk
+NpXRGwsDfVnT8N7uTkamjhpBTFUN2FpRojgin+kEMYuEqUQggHfM
+-----END RSA PRIVATE KEY-----

.github/workflows/run_test_cases.yaml

@@ -66,6 +66,7 @@ jobs:
                 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
+                -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \
                 -f .ci/docker-compose-file/docker-compose.yaml \
                 up -d --build
         - name: run eunit

apps/emqx_authn/test/data/certs/cacert.pem

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
-BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD
-DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD
-VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE
-AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1
-EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2
-juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur
-MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ
-uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D
-tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ
-KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj
-EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa
-ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5
-CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y
-E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo
-88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30
-IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg==
------END CERTIFICATE-----

apps/emqx_authn/test/data/certs/cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl
-cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn
-AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW
-Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT
-8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7
-4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc
-lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080
-BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt
-iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa
-sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp
-iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH
-UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n
-KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ=
------END CERTIFICATE-----

apps/emqx_authn/test/data/certs/client-cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6
-TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW
-1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt
-dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV
-PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa
-nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i
-eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk
-M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z
-5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd
-UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR
-jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl
-goraNgPISnrbpR6KjxLZkVembXzjNNc=
------END CERTIFICATE-----

apps/emqx_authn/test/data/certs/client-key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X
-EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO
-LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v
-561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD
-BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE
-C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq
-uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD
-UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW
-5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2
-ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH
-5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg
-w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX
-Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x
-xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A
-Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl
-zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td
-EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA
-Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w
-fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn
-O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr
-H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx
-gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms
-n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j
-ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp
-asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
------END RSA PRIVATE KEY-----

apps/emqx_authn/test/data/certs/key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi
-sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep
-OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf
-wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn
-s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t
-zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/
-n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF
-V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N
-WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG
-xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm
-ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C
-Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49
-ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R
-/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY
-uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb
-yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+
-Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF
-zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB
-0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG
-jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA
-OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP
-vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog
-q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd
-rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55
-RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3
------END RSA PRIVATE KEY-----

apps/emqx_authn/test/data/certs/redis-tls-ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
+ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx
+MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
+MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q
+XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD
+yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0
+Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf
+XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg
+UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co
+/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O
+x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki
++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs
+/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf
+weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg
+VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl
+4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ
+KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX
+RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW
+whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO
+JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5
+Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh
+AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD
+wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB
+LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ
+/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk
+UElFARdXALiZWg==
+-----END CERTIFICATE-----

apps/emqx_authn/test/data/certs/redis-tls-client.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
+BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe
+Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz
+IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP
+g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D
+zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn
+qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN
+IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa
+BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG
+CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT
+nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY
+zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc
+frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr
+mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn
+HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z
+odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5
+MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3
+oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT
+y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J
+nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr
+R5q5VPKvniiw0/HiJNbNG0ZHDCU=
+-----END CERTIFICATE-----

apps/emqx_authn/test/data/certs/redis-tls-client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI
++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON
+TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8
+SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At
+T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa
+DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT
+gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH
+Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L
+Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm
+6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U
+O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD
+RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE
+dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb
+QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75
+ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk
+xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh
+MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO
+PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U
+0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h
+tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0
+dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL
+L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP
+7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU
+eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU
+l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM
+-----END RSA PRIVATE KEY-----

apps/emqx_authn/test/emqx_authn_redis_SUITE.erl

@@ -52,7 +52,7 @@ end_per_group(require_seeds, Config) ->
     Config.
 
 init_per_suite(Config) ->
-   _ = application:load(emqx_conf),
+    _ = application:load(emqx_conf),
     case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of
         true ->
             ok = emqx_common_test_helpers:start_apps([emqx_authn]),

apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl

@@ -0,0 +1,153 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_redis_tls_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authn.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-define(REDIS_HOST, "redis-tls").
+-define(REDIS_PORT, 6380).
+
+-define(PATH, [authentication]).
+
+all() ->
+    emqx_common_test_helpers:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_testcase(_, Config) ->
+    {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
+    emqx_authentication:initialize_authentication(?GLOBAL, []),
+    emqx_authn_test_lib:delete_authenticators(
+      [authentication],
+      ?GLOBAL),
+    Config.
+
+init_per_suite(Config) ->
+    _ = application:load(emqx_conf),
+    case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of
+        true ->
+            ok = emqx_common_test_helpers:start_apps([emqx_authn]),
+            ok = start_apps([emqx_resource, emqx_connector]),
+            Config;
+        false ->
+            {skip, no_redis}
+    end.
+
+end_per_suite(_Config) ->
+    emqx_authn_test_lib:delete_authenticators(
+      [authentication],
+      ?GLOBAL),
+    ok = stop_apps([emqx_resource, emqx_connector]),
+    ok = emqx_common_test_helpers:stop_apps([emqx_authn]).
+
+%%------------------------------------------------------------------------------
+%% Tests
+%%------------------------------------------------------------------------------
+
+t_create(_Config) ->
+    ?assertMatch(
+       {ok, _},
+       create_redis_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"redis-tls">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.3">>],
+           <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})).
+
+t_create_invalid(_Config) ->
+    %% invalid server_name
+    ?assertMatch(
+       {error, _},
+       create_redis_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"redis-tls-unknown-host">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.3">>],
+           <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})),
+
+    %% invalid server_name (eredis connects by ip address)
+    ?assertMatch(
+       {error, _},
+       create_redis_auth_with_ssl_opts(
+         #{<<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.3">>],
+           <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})),
+
+    %% incompatible versions
+    ?assertMatch(
+        {error, _},
+        create_redis_auth_with_ssl_opts(
+                   #{<<"server_name_indication">> => <<"redis-tls">>,
+                     <<"verify">> => <<"verify_peer">>,
+                     <<"versions">> => [<<"tlsv1.1">>, <<"tlsv1.2">>]})),
+
+    %% incompatible ciphers
+    ?assertMatch(
+       {error, _},
+       create_redis_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"redis-tls">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.3">>],
+           <<"ciphers">> => [<<"TLS_AES_128_GCM_SHA256">>]})).
+
+%%------------------------------------------------------------------------------
+%% Helpers
+%%------------------------------------------------------------------------------
+
+create_redis_auth_with_ssl_opts(SpecificSSLOpts) ->
+    AuthConfig = raw_redis_auth_config(SpecificSSLOpts),
+    emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}).
+
+raw_redis_auth_config(SpecificSSLOpts) ->
+    SSLOpts = maps:merge(
+                client_ssl_opts(),
+                #{enable => <<"true">>}),
+    #{
+      mechanism => <<"password-based">>,
+      password_hash_algorithm => #{name => <<"plain">>,
+                                   salt_position => <<"suffix">>},
+      enable => <<"true">>,
+
+      backend => <<"redis">>,
+      cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
+      database => <<"1">>,
+      password => <<"public">>,
+      server => redis_server(),
+      ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+     }.
+
+redis_server() ->
+    iolist_to_binary(
+      io_lib:format(
+        "~s:~b",
+        [?REDIS_HOST, ?REDIS_PORT])).
+
+start_apps(Apps) ->
+    lists:foreach(fun application:ensure_all_started/1, Apps).
+
+stop_apps(Apps) ->
+    lists:foreach(fun application:stop/1, Apps).
+
+client_ssl_opts() ->
+    Dir = code:lib_dir(emqx_authn, test),
+    #{keyfile    => filename:join([Dir, <<"data/certs">>, "redis-tls-client.key"]),
+      certfile   => filename:join([Dir, <<"data/certs">>, "redis-tls-client.crt"]),
+      cacertfile => filename:join([Dir, <<"data/certs">>, "redis-tls-ca.crt"])}.

apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl

@@ -75,7 +75,7 @@ save_files_return_opts(Options, Dir) ->
     CA = do_save_file(CAFile, Dir),
     Verify = GetD(verify, verify_none),
     SNI = Get(server_name_indication),
-    Versions = emqx_tls_lib:integral_versions(Get(tls_versions)),
+    Versions = emqx_tls_lib:integral_versions(Get(versions)),
     Ciphers = emqx_tls_lib:integral_ciphers(Versions, Get(ciphers)),
     filter([{keyfile, Key}, {certfile, Cert}, {cacertfile, CA},
             {verify, Verify}, {server_name_indication, SNI}, {versions, Versions}, {ciphers, Ciphers}]).