The default certificate created by the docker container sometimes contains a negative serial number.
A TLS certificate with a negative serial number is invalid, although some software has historically tolerated this.
As of Golang 1.23, x509.ParseCertificate explicitly rejects these certificates, this impacts microsoft/go-mssqldb such that it can no longer connect to the docker container due to the the invalid certificate.
I think the proper place to fix this is in the docker repo, a TLS cert with an invalid serial number is not a valid TLS cert.
See: https://tip.golang.org/doc/go1.23#cryptox509pkgcryptox509
The default certificate created by the docker container sometimes contains a negative serial number.
A TLS certificate with a negative serial number is invalid, although some software has historically tolerated this.
As of Golang 1.23,
x509.ParseCertificateexplicitly rejects these certificates, this impactsmicrosoft/go-mssqldbsuch that it can no longer connect to the docker container due to the the invalid certificate.I think the proper place to fix this is in the docker repo, a TLS cert with an invalid serial number is not a valid TLS cert.
See: https://tip.golang.org/doc/go1.23#cryptox509pkgcryptox509