Validate TLS certificate files contain valid PEM data at startup

RabbitMQ currently accepts invalid TLS certificate files at startup
without validation, only failing silently when clients attempt to
connect. This occurs because Erlang's TLS implementation lazily loads
certificates on first connection rather than at configuration time.
Users may not discover misconfigured certificates until production
traffic fails.

This change adds a `pem_file` validator to the cuttlefish schema that
reads certificate files and validates they contain valid PEM data using
`public_key:pem_decode/1`. The validator rejects empty files and files
without valid PEM entries, causing RabbitMQ to fail at startup with a
clear error message identifying the invalid file.

The validator applies to all TLS certificate file mappings across 6
schema files: `cacertfile`, `certfile`, and `keyfile` for main
listeners, definitions import, syslog, HTTP auth backend, LDAP auth
backend, and peer discovery (Consul, etcd, Kubernetes). DH parameter
files continue using the existing `file_accessible` validator since they
are not PEM-encoded certificates.

Valid X509 certs are now required for schema tests.

Fixes #15065

Author: lukebakken

deps/rabbit/priv/schema/rabbit.schema

@@ -175,10 +175,10 @@ end}.
     {datatype, {enum, [true, false]}}]}.
 
 {mapping, "definitions.tls.cacertfile", "rabbit.definitions.ssl_options.cacertfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "definitions.tls.certfile", "rabbit.definitions.ssl_options.certfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "definitions.tls.cert", "rabbit.definitions.ssl_options.cert",
     [{datatype, string}]}.
@@ -214,7 +214,7 @@ fun(Conf) ->
 end}.
 
 {mapping, "definitions.tls.keyfile", "rabbit.definitions.ssl_options.keyfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "definitions.tls.log_alert", "rabbit.definitions.ssl_options.log_alert",
     [{datatype, {enum, [true, false]}}]}.
@@ -316,10 +316,10 @@ end}.
     {datatype, {enum, [true, false]}}]}.
 
 {mapping, "ssl_options.cacertfile", "rabbit.ssl_options.cacertfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "ssl_options.certfile", "rabbit.ssl_options.certfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "ssl_options.cert", "rabbit.ssl_options.cert",
     [{datatype, string}]}.
@@ -373,7 +373,7 @@ fun(Conf) ->
 end}.
 
 {mapping, "ssl_options.keyfile", "rabbit.ssl_options.keyfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "ssl_options.log_level", "rabbit.ssl_options.log_level",
     [{datatype, {enum, [emergency, alert, critical, error, warning, notice, info, debug]}}]}.
@@ -1915,10 +1915,10 @@ end}.
     {datatype, {enum, [true, false]}}]}.
 
 {mapping, "log.syslog.ssl_options.cacertfile", "syslog.protocol",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "log.syslog.ssl_options.certfile", "syslog.protocol",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "log.syslog.ssl_options.cert", "syslog.protocol",
     [{datatype, string}]}.
@@ -1954,7 +1954,7 @@ end}.
     [{datatype, string}]}.
 
 {mapping, "log.syslog.ssl_options.keyfile", "syslog.protocol",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "log.syslog.ssl_options.log_alert", "syslog.protocol",
     [{datatype, {enum, [true, false]}}]}.
@@ -2889,6 +2889,14 @@ fun(File) ->
     end
 end}.
 
+{validator, "pem_file", "PEM file does not exist, cannot be read, or does not contain valid X509 certificate data",
+fun(File) ->
+    case file:read_file(File) of
+        {ok, Bin} -> public_key:pem_decode(Bin) =/= [];
+        _ -> false
+    end
+end}.
+
 {validator, "is_ip", "value should be a valid IP address",
 fun(IpStr) ->
     Res = inet:parse_address(IpStr),

deps/rabbit/test/config_schema_SUITE_data/certs/ca_certificate.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0
+VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa
+Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290
+Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN
+Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO
+VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le
+XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+
+Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY
+x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB
+AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG
+XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y
+kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/
+1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3
+H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU
+zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX
+M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq
+CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw==
+-----END CERTIFICATE-----

deps/rabbit/test/config_schema_SUITE_data/certs/cacert.pem

@@ -1 +1,21 @@
-I'm not a certificate
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0
+VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa
+Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290
+Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN
+Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO
+VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le
+XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+
+Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY
+x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB
+AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG
+XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y
+kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/
+1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3
+H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU
+zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX
+M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq
+CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw==
+-----END CERTIFICATE-----

deps/rabbit/test/config_schema_SUITE_data/certs/cert.pem

@@ -1 +1,23 @@
-I'm not a certificate
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
+ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w
+CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES
+MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN
+4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF
+rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn
+0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2
+bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb
+Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw
+CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD
+VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd
+BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp
+yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2
+ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG
+kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM
+7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l
+I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk
+8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT
+mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R
+Oc6FM20=
+-----END CERTIFICATE-----

deps/rabbit/test/config_schema_SUITE_data/certs/key.pem

@@ -1 +1,28 @@
-I'm not a certificate
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+
+R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83
+XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT
+AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN
+13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg
+ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b
+WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0
+cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P
+8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh
+wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/
+qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy
+ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7
+fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB
+8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI
+T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5
+gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw
+GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY
+Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU
+6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC
+txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG
+fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz
+yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y
+YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M
+MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo
+Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56
+IXyt2dPxMIunzSDmAdcLGhFd
+-----END PRIVATE KEY-----

deps/rabbit/test/config_schema_SUITE_data/certs/server_certificate.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
+ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w
+CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES
+MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN
+4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF
+rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn
+0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2
+bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb
+Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw
+CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD
+VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd
+BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp
+yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2
+ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG
+kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM
+7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l
+I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk
+8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT
+mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R
+Oc6FM20=
+-----END CERTIFICATE-----

deps/rabbit/test/config_schema_SUITE_data/certs/server_key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+
+R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83
+XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT
+AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN
+13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg
+ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b
+WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0
+cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P
+8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh
+wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/
+qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy
+ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7
+fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB
+8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI
+T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5
+gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw
+GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY
+Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU
+6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC
+txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG
+fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz
+yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y
+YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M
+MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo
+Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56
+IXyt2dPxMIunzSDmAdcLGhFd
+-----END PRIVATE KEY-----

deps/rabbitmq_auth_backend_http/priv/schema/rabbitmq_auth_backend_http.schema

@@ -47,10 +47,10 @@ end}.
     {datatype, {enum, [true, false]}}]}.
 
 {mapping, "auth_http.ssl_options.cacertfile", "rabbitmq_auth_backend_http.ssl_options.cacertfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "auth_http.ssl_options.certfile", "rabbitmq_auth_backend_http.ssl_options.certfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "auth_http.ssl_options.cert", "rabbitmq_auth_backend_http.ssl_options.cert",
     [{datatype, string}]}.
@@ -104,7 +104,7 @@ fun(Conf) ->
 end}.
 
 {mapping, "auth_http.ssl_options.keyfile", "rabbitmq_auth_backend_http.ssl_options.keyfile",
-    [{datatype, string}, {validators, ["file_accessible"]}]}.
+    [{datatype, string}, {validators, ["pem_file"]}]}.
 
 {mapping, "auth_http.ssl_options.log_alert", "rabbitmq_auth_backend_http.ssl_options.log_alert",
     [{datatype, {enum, [true, false]}}]}.

deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/ca_certificate.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0
+VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa
+Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290
+Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN
+Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO
+VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le
+XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+
+Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY
+x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB
+AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG
+XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y
+kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/
+1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3
+H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU
+zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX
+M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq
+CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw==
+-----END CERTIFICATE-----

deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/cacert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0
+VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa
+Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290
+Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN
+Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO
+VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le
+XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+
+Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY
+x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB
+AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG
+XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y
+kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/
+1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3
+H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU
+zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX
+M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq
+CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw==
+-----END CERTIFICATE-----