Go 1.23: Unable to connect to SQL Server 2022 docker image with TLS error #217

Open
giautm opened this issue Aug 27, 2024 · 4 comments

giautm commented Aug 27, 2024

The change in crypto/tls returns an error for the negative serial number in the certificate.

Before Go 1.23, ParseCertificate accepted certificates with negative serial numbers. This behavior can be restored by including "x509negativeserial=1" in the GODEBUG environment variable.

https://pkg.go.dev/crypto/x509#ParseCertificate

When running the program below, I got a TLS error RANDOMLY with the container. Sometimes the container starts and generates correct certs, so no errors happen.

```
$ go run ./main.go
2024/08/28 02:24:11 Run query failure: TLS Handshake failed: tls: failed to parse certificate from server: x509: negative serial number
exit status 1
```

To Reproduce

Start the container

```shell
docker run --platform linux/amd64 -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=P@ssw0rd0995' -p 1434:1433 mcr.microsoft.com/mssql/server:2022-latest
```

Then run the main.go with go run ./main.go

```go
package main

import (
	"database/sql"
	"fmt"
	"log"
	"net/url"

	_ "github.com/microsoft/go-mssqldb"
)

// Start a SQL Server container with the following command:
//
// ```shell
//
//	docker run --platform linux/amd64 -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=P@ssw0rd0995' -p 1434:1433 mcr.microsoft.com/mssql/server:2022-latest
//
// ```
func main() {
	// url.UserPassword escapes the '@' in the password for use in the DSN.
	msUser := url.UserPassword("sa", "P@ssw0rd0995")
	port := 1434
	db, err := sql.Open("sqlserver", fmt.Sprintf("sqlserver://%s@:%d/master?connection+timeout=30", msUser.String(), port))
	if err != nil {
		log.Fatalf("Error creating connection pool: %v", err)
	}
	// sql.Open does not connect; the TLS handshake happens on the first query.
	row, err := db.Exec("SELECT 1")
	if err != nil {
		log.Fatalf("Run query failure: %v", err)
	}
	rowCount, err := row.RowsAffected()
	if err != nil {
		log.Fatalf("Error getting row count: %v", err)
	}
	log.Printf("Rows affected: %d\n", rowCount)
}
```

shueybubbles (Collaborator) commented

@giautm is there something you'd expect to change in the driver for this?

prochac commented Aug 29, 2024

When someone is violating an RFC, why must it always be Microsoft?

RFC 5280 section 4.1.2.2

golang/go#8265

prochac commented Aug 29, 2024

@shueybubbles maybe wrap the error with an explanation of why that is so? Or document the error as a well-known issue?

This driver acts like a bridge between Go and Microsoft SQL Server.

prochac commented Aug 29, 2024

Another, less ideal solution would be to fork the cert parser and use it as the default for this library. However, this could cause more problems. It would be better to spend that time fixing the root cause, whether it's in the Docker image or the SQL server itself.

Thiht added a commit to Thiht/transactor that referenced this issue Oct 2, 2024
See microsoft/go-mssqldb#217, microsoft/mssql-docker#895
The mssql tests currently fail with the error: "TLS Handshake failed: tls: failed to parse certificate from server: x509: negative serial number"
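
To confirm that a given server certificate is affected, the serial number can be read directly from the DER without crypto/x509, which is the field RFC 5280 section 4.1.2.2 constrains. The following is an added example, not code from this issue or from the driver; `SerialOf` and `ConstructedCert` are hypothetical names, and the certificate is constructed in-process with its serial number rewritten.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// SerialOf reads serialNumber with encoding/asn1, bypassing x509.ParseCertificate.
func SerialOf(der []byte) (*big.Int, error) {
	var cert struct { // only the leading fields; trailing elements are ignored
		TBS struct {
			Version int `asn1:"optional,explicit,default:0,tag:0"`
			Serial  *big.Int
		}
	}
	_, err := asn1.Unmarshal(der, &cert)
	return cert.TBS.Serial, err
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ConstructedCert: throwaway self-signed cert, serialNumber overwritten, signature left stale.
func ConstructedCert(serial int64) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	var cert, tbs []asn1.RawValue
	must(asn1.Unmarshal(der, &cert))
	must(asn1.Unmarshal(cert[0].FullBytes, &tbs))
	tbs[1].FullBytes = must(asn1.Marshal(big.NewInt(serial))) // [0]=version, [1]=serialNumber
	cert[0].FullBytes = must(asn1.Marshal(tbs))
	return must(asn1.Marshal(cert))
}

func main() {
	der := ConstructedCert(-1)
	_, err := x509.ParseCertificate(der)
	fmt.Printf("serial=%v  x509.ParseCertificate: %v\n", must(SerialOf(der)), err)
}
```

On Go 1.23 and later the `x509.ParseCertificate` call in `main` is expected to fail with the `x509: negative serial number` error quoted in this issue, unless `GODEBUG` includes `x509negativeserial=1`.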