chore(authn): test Mysql authn via ssl connection

.ci/docker-compose-file/Makefile.local

@@ -20,6 +20,7 @@ up:
 		-f .ci/docker-compose-file/docker-compose.yaml \
 		-f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+		-f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 		-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
@@ -31,6 +32,7 @@ down:
 		-f .ci/docker-compose-file/docker-compose.yaml \
 		-f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+		-f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 		-f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 		-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \

.ci/docker-compose-file/docker-compose-mysql-tls.yaml

@@ -1,47 +1,35 @@
 version: '3.9'
 
 services:
-  mysql_server:
-    container_name: mysql
+  mysql_server_tls:
+    container_name: mysql-tls
     image: mysql:${MYSQL_TAG}
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: public
       MYSQL_DATABASE: mqtt
-      MYSQL_USER: ssluser
+      MYSQL_USER: user
       MYSQL_PASSWORD: public
     volumes:
-      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca-cert.pem
-      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/server-cert.pem
-      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/server-key.pem
+      - ./mysql/certs/ca.crt:/etc/certs/ca-cert.pem
+      - ./mysql/certs/server.crt:/etc/certs/server-cert.pem
+      - ./mysql/certs/server.key:/etc/certs/server-key.pem
     ports:
-      - "3306:3306"
+      - "3307:3306"
     networks:
       - emqx_bridge
     command:
-      --bind-address "::"
-      --character-set-server=utf8mb4
-      --collation-server=utf8mb4_general_ci
-      --explicit_defaults_for_timestamp=true
-      --lower_case_table_names=1
-      --max_allowed_packet=128M
-      --skip-symbolic-links
-      --ssl-ca=/etc/certs/ca-cert.pem
-      --ssl-cert=/etc/certs/server-cert.pem
-      --ssl-key=/etc/certs/server-key.pem
+      - --bind-address=0.0.0.0
+      - --port=3306
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_general_ci
+      - --explicit_defaults_for_timestamp=true
+      - --lower_case_table_names=1
+      - --max_allowed_packet=128M
+      - --ssl-ca=/etc/certs/ca-cert.pem
+      - --ssl-cert=/etc/certs/server-cert.pem
+      - --ssl-key=/etc/certs/server-key.pem
+      - --require-secure-transport=ON
+      - --tls-version=TLSv1.2,TLSv1.3
+      - --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384
 
-  mysql_client:
-    container_name: mysql_client
-    image: mysql:${MYSQL_TAG}
-    networks:
-      - emqx_bridge
-    depends_on:
-      - mysql_server
-    command:
-      - /bin/bash
-      - -c
-      - |
-        service mysql start
-        echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt
-        while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done
-        echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt

.ci/docker-compose-file/mysql/certs/ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF
+TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy
+MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe
+MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8
+dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu
+TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW
+qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj
+mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr
+s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4
+I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz
+YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh
+uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx
+n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3
+1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X
+Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl
+36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s
+0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz
+smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX
+HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7
+h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU
+vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr
+7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm
+FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC
+KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN
+2U0l7v2i0qA=
+-----END CERTIFICATE-----

.ci/docker-compose-file/mysql/certs/ca.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8dhF0
+mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwuTXkv
+61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IWqlmT
+uU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrjmdTG
+0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwrs5NQ
+5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4I1nT
+uo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGzYcnK
+s8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjshuZBp
+5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfxn9hS
+GGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij31XpY
+IOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kCAwEA
+AQKCAgBYRRYP5D0573y1J49PYsv6mlprn6PYURhkyz67dkXjmrDZpxmmts42GZvf
+GmgdpJK8Xjiz9qGzG91IIa12sJ0Hvca3JH9EI+YfxxE/QyueBx3nKSnrF44Z1M9O
+pu+094Qhxr+5gzOVv1SN/nkb78N2XIeUXdxxOvJ2gciArkLC+9UMMc8GIj5d/uGr
+UcdVQQktrpxUR2VmlGya+Cmu2SGTSyG0IdbDF8j6DWfJwRzi+ysoDhGiwj3n0Hsx
+erqVo3TFS/q526IAmE+xgAyQpgTJLc7NLsGdw4+fhGtqQmXAtSBnSMOu5Nry6hTq
+4zBOJu9wNcPpl09yIe+ij0WB1YSSPXRsfYM2sIxBLAOqbXeba5+kv75CIkXEywDs
+dJSszfo5nHvZFd5/CLdmz/+gjxMCKgW5p5YFkUZOgpPBP0imHQGIwllBeGiLoJU7
+zR7yWtwwtmul9M4zFgWct+fOzZmFvn5Pei0CbI8/y93pjmypdcV2unTg+jqZKoek
+vJ3SZkVYe86TqskKUEXFQPlLf5xHENXGJ/XA7ge6H/dRIvyQak+j6TH1tZ9JPwJz
+ML0ZpBXSytVZq2sVhLBxAoXu+Fl01lWKuveOvlsxeh7FionNqGAYohznZ2b5iNvA
+yl00LzahdssnprF0fX/43I3ShlcRC4tHsla9ZLFTBf6MkP8wkQKCAQEA2GPloMMi
+BQu6geaf9psyFM3dQ0ouV4bKQODinCwv31Z30aOdzKLlyKD8BlGC7VoqeTxoxsej
+t6rNoZmzNXQR1sy53PeHvvix6a2t00kYZ7CDmSQbBSfKT5FCx3PlmT1OXKlib1vi
+0A1LVQLw+tsGL5KuF/Yxp8GoGb5wKHENiZkh2sKS93kWxNY58SrmHNo/XySTXUF5
+vijR1g6fkW5o4zXZDkG0JuH1KhouLA99ZVQCWfQpk/+w+rY7CbbChSnYE9DTVul9
+VJPejb1y38UTtPHMaaK0NV6a3qoYnMi5UKYLNEkd1OyFwpUxB+Z0GfaksfiUqFzG
+Huq/NmlwSt/VSwKCAQEAzdFv57WW0HQ+YHcPml9SLBhJW2cilPDAYFwDBSMxDgEx
+4RehRpoVt3qf0Qg1fP8eqgFnMoDVrswsKI/IvUAyfCQrynEnCpoaJXfI1YjGx5k2
+ElSE6hkNaiTEb91Mj/gnJRHI7Rh50kOAltLrP/UFrt+poo1McEBlgJS79B1VLUMP
+Vg6Ve7w0t9gmFH+uOFO6RBiFzwfagKFaJaU05r7VzROeMeQOFeq3wodKCHGX7kQK
+kfn2ZcjqmLa8PxXklkqyh+tNcnkyw5rM/WEnCsQHrMvbClJ/skjDb3xJY5lV5CVX
+zWG9AgiCTpz1vwf+WBS1WCnYfxpjm/yI2C4bfPTt+wKCAQBOwFRypHF+Gp2e5vry
+edrJHX7YHWguLHzxDacLJT2q70IeBojIT8SGtqfh+MpIbVcl1ilfpopbroq1tEU3
+P+26GbnOxDsf8kx1eeLYETMTkXbjRfObdba4LGp8Qh6eHWSmbnLHik5KX3w6DR78
+fLeMmrpHOC8sGVt/OwKAhVxi5lsezU9FR0lVC438yhsDBx6nFp2XA9w1q49qctn5
+yI/dmNxMxva0a+mYj/ybxmthdCiC6kwzc4vKQoXL7Dpw0iC0XXx8le8p18LYHMlw
+zL12TcWR8EfbYHnGbWsVrCtdQYC0X6O+uPGZNkio0mMQi+W2a3xWpaTo3ZAHUmou
+pbVvAoIBADphtFqHufX7Y049t6FUdJypbvWMddTFzewHbZvhdaLBWAK/jzHVt19K
+W1cR+wov2+ThbQJ4ZSSmKch/sLNuKGPqZrmQC0EIoW4LYl6f47LulNXyP5mf7Zw0
+Pbx1i6gy/feX6eTHUpcAKtOdlLmZqTkHnLjNV+dnfONSTVZbk7O5F/qTPHfS1Slp
+GLQr26GCro1uX1Zwpdxi6I1RJYZmj4MSk4cXZ59z6xg1BB0NC8m8ZzstKmWI7nLP
+Muq6LRMssSO47UkRdALkQE2HZ2m4XWz4jnOJH0vVNArFuJOWBTUoGpXZqaGQBFaE
+U3kSrWUSyrXteMnlFGhE5BReT9HMME0CggEAQbKf5ScS0OT8glQi/1lZk7blx1tU
+Y+HU7nZhf1Yv6jdb9KEMYcaYeVA3WXgKdzy9EpQm9NimabMWdCF8axWkTlrnyYVR
+hv0yOXXfkvlROFdmIuVsXIAGc05xtZc9xjZLLuoslZjc/PFnzQ85KWwr6EW6B423
+OKf1ZuKRQCTgKO/lqWeglZZy1OjQUF+EnVNFJRDrqHHptm2Cn7XMTy8Ta0OxsGe8
+s9U6U+KbEecZcpFk1dRbR8V4sh+wO9xHPXbvyJqJqgxe2ZsJt2Nfg6UlfgfEpS6a
+92Urp1sL16nFIF5plfaS+G2FzPDT8HdViHgld7Zx19emfZh/F/aif4ilyg==
+-----END RSA PRIVATE KEY-----

.ci/docker-compose-file/mysql/certs/client.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
+BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU
+ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if
+lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9
+F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw
+z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o
+MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn
+rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg
+hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT
+r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM
+NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL
+r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve
+GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb
+Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB
+FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G
+P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr
+uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5
+4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC
+3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL
+cAoHRdVL49vKck34UNhFlTLH
+-----END CERTIFICATE-----

.ci/docker-compose-file/mysql/certs/client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR
++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j
+yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO
+arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm
+Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH
+UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky
+2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq
+VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL
+lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s
+st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP
+rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN
+idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA
+l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym
+tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/
+jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v
+Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z
+EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg
+eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb
+5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh
+SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0
+qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6
+5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9
+tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE
+Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA
+9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg=
+-----END RSA PRIVATE KEY-----

.ci/docker-compose-file/mysql/certs/server.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCAemgAwIBAgIJAOaPZ7X3df3FMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
+BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowKDESMBAGA1UECgwJRU1RWCBU
+ZXN0MRIwEAYDVQQDDAlteXNxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCh2cM9B9ZnFB3aE2pdfof7j3Z+ctStqnjFZUzgZcM0afyzNPQbn6Xq
+j4rh+dan/6V3XVXJn5pK7wVaYtXrrRW/Wx9avx2mzbRNDRVYbHOKZWrS1zE3lMss
+SKRXc/WzttYKS+yL9nn+MuFfz1+iP1PqM42PciJoAizNiQ5RQbXBJ/gCHLVeulFO
+V1pza0ND1lcW9WZa1j/SHJFeLU1EsT56dwMf3qSHdg9KtdvY4AHgi5EQ49F8IO6+
+C+UMutcgeH6EkSYKpL5dyem7OT4TE1p0AEPQeQzwCYv4VKA1/lIGGsYasaGZascI
+kH4jwboKj8iIxdlog7mNyzMv3kvYCM97AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR
+BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBADmTco5dc1CcEUP3
+nAfo2NC0UDzU+UavkBelxY+67OiGWVlX62GzxfA8iL8HbemwZ0zZbX2xMZVAbQ9Z
+IFK5nRj/hYxEVsN2NkYlHI1KmxSjv5HuvK4p2C+/0jOSEFhyNYc1kyjerLlFk9JL
+CLhdqTS125FjiQE/qpgrYo/Y7COU37tF8uB4WV3UMq8PsHPdWfaCdU/c5ctuoL1U
+4YVWKLe4LG6vLbjRGOX+6kCjJcwK3Dr/zas45wMXDQg1KeyXniC1jbdYXi4E7VNn
+Rbdf1SMdlWlBR3LLDhz3kHlOL5UCrf3U8TUsTFlPLR6KJ/Ogx+J6HSPlgXIiGjmx
+ZB/hSwzVTZqAjfCHEroQndbjSQTLitC8A0ujCDFztqEuVCfuU8XS3I83bdCNBr34
+SrCfVTjtKDMdDcXh21EZLtB16XXoHfOSuGgQL/ym/HOWqlY7/NHh6za56TmMzWiy
+HfYgZAeYtxZWMsXnINALzXl2XR2wQ/g02u3vyCA0CwnBybYWwi8WmNWJcxVMrmEE
+DD5sEMW+TZVgs5PgA5ER9gEj8uAS+yxcjNgSDj93cp+uChOl0Zs3jYMD+nUxF48r
+kCQPjxF7JLbNS9o4xvNc6fkVDd84Q7tWHH5lKdclEeYn8nvCohPJEEdEsGYSGkab
+eOqhTvkLF40TzG6/H0yFBuU9joFc
+-----END CERTIFICATE-----

.ci/docker-compose-file/mysql/certs/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAodnDPQfWZxQd2hNqXX6H+492fnLUrap4xWVM4GXDNGn8szT0
+G5+l6o+K4fnWp/+ld11VyZ+aSu8FWmLV660Vv1sfWr8dps20TQ0VWGxzimVq0tcx
+N5TLLEikV3P1s7bWCkvsi/Z5/jLhX89foj9T6jONj3IiaAIszYkOUUG1wSf4Ahy1
+XrpRTldac2tDQ9ZXFvVmWtY/0hyRXi1NRLE+encDH96kh3YPSrXb2OAB4IuREOPR
+fCDuvgvlDLrXIHh+hJEmCqS+Xcnpuzk+ExNadABD0HkM8AmL+FSgNf5SBhrGGrGh
+mWrHCJB+I8G6Co/IiMXZaIO5jcszL95L2AjPewIDAQABAoIBAFaAv7OXw8S14LqU
+U+4CWYVfCNLOZtMm4IOH/82TNgCGgRP6wlkdO50g+PaMBGkn3nTsgpRPZDSWiULk
+vjbG/G+YsSpcKOnk2W+xBW6MEDiwuaZUcy6krO5PKN7A0For5zv7lkK8CjmNUh1W
+BWP++seapBc9xhvWxcFYdjmBqDXCYEEkb7oqgE5slDlHAtMGNlqu8RxLem3Z5tgD
+8EuApwf5kPiPUt6TObGanY8CPrCrTb993IUTE3wZoaVk06Iz/1CTpzU7/XN6Z2RC
+0U1UbDDpUec8r7gAN8URJ6zL0QCU45qQVABOKbWOQZORVnbkbDwWpD5Sr9ySIm1p
+2WhP81kCgYEA0cF1CJmBs8kAOuHnvDSkNOyrzMRsGPbtB7l2n/Xg1WZ6OlexcBGi
+ovFf428VaXpJRNfWFmuiSh2I5HV3FMGyLGOo3Rs6h4IHk9MGYzujRtia9x153PoR
+O7oOKzu760CvlEQ8og4IcaHfp2ZiWw2F4W/gGVdXvXl79bgjbyLAYOcCgYEAxYiP
+SXEEPPPGWy+kV7iSzzo32ybWJ1ftYcwZ+jENvaCSfNvZbDnZtOrzeHTI97oNe38n
+WtE751qJsuoVM/YD5lJhPL7GP0CtkLq+oO0/smRqk+r767NJTWBOCbOcQ0NJ/1il
+fojvPKYX8sFMRBkmCGRHnjEW1QUhJtuot1Dfxk0CgYAIkWNrb4HJyzsULKgfmvLe
+KpC184wK1QNHnn7G9+8wKFhzy6M21bGUAFIPYzk3rsQRaNOY5NqjNmOiGV483dCe
+WY/LQFJ6uIgAtMz8/rGjsjNaRrz0ls5fZzEu+OirKmBBqSvk3rfflGIjX15DI+FF
+HSHFRzkRR0YV+miQIJZFHwKBgBuOxKazTKsQO1EHYX8XcevVLGu3jFLq0mQ9bDZa
+V5dn6mfe6ANQQs4ZpSPd7xeYbj8Xay8hV6EcIW/DdnfMT5j3TzeBSfkTFePGGcgr
+sSI7Hh9KviCQ354a3GhAFYHQxmcIP/ZaNj4Y0eh9DR3HAGZVTySDprLLR2e7Z1tD
+viRVAoGAZKinM3zuPm2jAoIwYLB3Z/X0qewiLdf7JMmhelHHscB+F6fUqURSeBaX
+GvIYkkKvoVt4qPpSeDBpmkRF682Zo2VegVTakWW0vxliAOTNCZCAC2zsZxGZ0E/r
+LysCtImLRyZws2a2RWR9ONplCclrYiVxwr9y+TaltAx/RED0Y8c=
+-----END RSA PRIVATE KEY-----

.github/workflows/run_test_cases.yaml

@@ -64,6 +64,7 @@ jobs:
             docker-compose \
                 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+                -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
                 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
                 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \

apps/emqx_authn/test/data/certs/mysql-tls-ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF
+TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy
+MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe
+MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8
+dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu
+TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW
+qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj
+mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr
+s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4
+I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz
+YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh
+uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx
+n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3
+1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X
+Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl
+36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s
+0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz
+smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX
+HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7
+h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU
+vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr
+7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm
+FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC
+KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN
+2U0l7v2i0qA=
+-----END CERTIFICATE-----

apps/emqx_authn/test/data/certs/mysql-tls-client.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
+BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU
+ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if
+lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9
+F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw
+z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o
+MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn
+rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg
+hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT
+r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM
+NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL
+r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve
+GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb
+Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB
+FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G
+P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr
+uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5
+4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC
+3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL
+cAoHRdVL49vKck34UNhFlTLH
+-----END CERTIFICATE-----

apps/emqx_authn/test/data/certs/mysql-tls-client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR
++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j
+yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO
+arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm
+Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH
+UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky
+2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq
+VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL
+lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s
+st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP
+rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN
+idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA
+l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym
+tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/
+jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v
+Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z
+EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg
+eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb
+5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh
+SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0
+qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6
+5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9
+tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE
+Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA
+9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg=
+-----END RSA PRIVATE KEY-----

apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl

@@ -22,8 +22,6 @@
 -include("emqx_authn.hrl").
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("common_test/include/ct.hrl").
--include_lib("emqx/include/emqx_placeholder.hrl").
-
 
 -define(MYSQL_HOST, "mysql").
 -define(MYSQL_PORT, 3306).

apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl

@@ -0,0 +1,150 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_mysql_tls_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authn.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-define(MYSQL_HOST, "mysql-tls").
+-define(MYSQL_PORT, 3306).
+
+-define(PATH, [authentication]).
+
+all() ->
+    emqx_common_test_helpers:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_testcase(_, Config) ->
+    {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
+    emqx_authentication:initialize_authentication(?GLOBAL, []),
+    emqx_authn_test_lib:delete_authenticators(
+      [authentication],
+      ?GLOBAL),
+    Config.
+
+init_per_suite(Config) ->
+    _ = application:load(emqx_conf),
+    case emqx_authn_test_lib:is_tcp_server_available(?MYSQL_HOST, ?MYSQL_PORT) of
+        true ->
+            ok = emqx_common_test_helpers:start_apps([emqx_authn]),
+            ok = start_apps([emqx_resource, emqx_connector]),
+            Config;
+        false ->
+            {skip, no_mysql_tls}
+    end.
+
+end_per_suite(_Config) ->
+    emqx_authn_test_lib:delete_authenticators(
+      [authentication],
+      ?GLOBAL),
+    ok = stop_apps([emqx_resource, emqx_connector]),
+    ok = emqx_common_test_helpers:stop_apps([emqx_authn]).
+
+%%------------------------------------------------------------------------------
+%% Tests
+%%------------------------------------------------------------------------------
+
+t_create(_Config) ->
+    %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \
+    %%   -connect mysql-tls:3306 -starttls mysql \
+    %%   -cert mysql-tls-client.crt -key mysql-tls-client.key -CAfile mysql-tls-ca.crt
+    ?assertMatch(
+       {ok, _},
+       create_mysql_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"mysql-tls">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.2">>],
+           <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})).
+
+t_create_invalid(_Config) ->
+
+    %% invalid server_name
+    ?assertMatch(
+       {error, _},
+       create_mysql_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"mysql-tls-unknown-host">>,
+           <<"verify">> => <<"verify_peer">>})),
+
+    %% incompatible versions
+    ?assertMatch(
+       {error, _},
+       create_mysql_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"mysql-tls">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.1">>]})),
+
+    %% incompatible ciphers
+    ?assertMatch(
+       {error, _},
+       create_mysql_auth_with_ssl_opts(
+         #{<<"server_name_indication">> => <<"mysql-tls">>,
+           <<"verify">> => <<"verify_peer">>,
+           <<"versions">> => [<<"tlsv1.2">>],
+           <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})).
+
+%%------------------------------------------------------------------------------
+%% Helpers
+%%------------------------------------------------------------------------------
+
+create_mysql_auth_with_ssl_opts(SpecificSSLOpts) ->
+    AuthConfig = raw_mysql_auth_config(SpecificSSLOpts),
+    emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}).
+
+raw_mysql_auth_config(SpecificSSLOpts) ->
+    SSLOpts = maps:merge(
+                client_ssl_opts(),
+                #{enable => <<"true">>}),
+    #{
+      mechanism => <<"password-based">>,
+      password_hash_algorithm => #{name => <<"plain">>,
+                                   salt_position => <<"suffix">>},
+      enable => <<"true">>,
+
+      backend => <<"mysql">>,
+      database => <<"mqtt">>,
+      username => <<"root">>,
+      password => <<"public">>,
+
+      query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser
+                      FROM users where username = ${username} LIMIT 1">>,
+      server => mysql_server(),
+      ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+     }.
+
+mysql_server() ->
+    iolist_to_binary(
+      io_lib:format(
+        "~s:~b",
+        [?MYSQL_HOST, ?MYSQL_PORT])).
+
+start_apps(Apps) ->
+    lists:foreach(fun application:ensure_all_started/1, Apps).
+
+stop_apps(Apps) ->
+    lists:foreach(fun application:stop/1, Apps).
+
+client_ssl_opts() ->
+    Dir = code:lib_dir(emqx_authn, test),
+    #{keyfile    => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.key"]),
+      certfile   => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.crt"]),
+      cacertfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-ca.crt"])}.

apps/emqx_connector/src/emqx_connector_mysql.erl

@@ -60,8 +60,7 @@ on_start(InstId, #{server := {Host, Port},
                   connector => InstId, config => Config}),
     SslOpts = case maps:get(enable, SSL) of
         true ->
-            [{ssl, [{server_name_indication, disable} |
-                    emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}];
+            [{ssl, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}];
         false -> []
     end,
     Options = [{host, Host},