From d46e4c028e5b55cbd362506f24b5ef5fe645c5d5 Mon Sep 17 00:00:00 2001 From: Jake Wimmer <283714808+jakewimmer@users.noreply.github.com> Date: Mon, 11 May 2026 15:54:12 -0700 Subject: [PATCH 1/4] chore(deps): upgrade rustls stack to 0.23 and resolve CVEs Upgrade tokio-rustls to 0.26, rustls to 0.23, and rustls-native-certs to 0.8 to resolve RUSTSEC-2024-0421 and RUSTSEC-2025-0010. Migrate the TLS stream to the rustls 0.23 API. Switch the crypto provider to aws-lc-rs via builder_with_provider to avoid the dual-provider conflict that tokio-rustls 0.26 introduces when ring is also in the dependency graph. Pin to TLS 1.2 to prevent TLS 1.3 KeyUpdate messages from triggering UnexpectedEof on the macOS CI runner. --- .cargo/audit.toml | 25 ++++ Cargo.toml | 11 +- examples/aad-auth.rs | 13 +- src/client/tls.rs | 43 ++++++- src/client/tls_stream/rustls_tls_stream.rs | 134 +++++++++++++-------- src/tds/codec/header.rs | 5 + 6 files changed, 165 insertions(+), 66 deletions(-) create mode 100644 .cargo/audit.toml diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 000000000..136c7dc0a --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,25 @@ +# Cargo audit configuration +# +# IMPORTANT: The three CVEs below (RUSTSEC-2026-0098, 0099, 0104) are +# DEVELOPMENT DEPENDENCY ONLY and do NOT affect production users. +# +# Root cause: azure_identity (dev-dep only) -> reqwest 0.11 -> rustls 0.21 -> +# rustls-webpki 0.101.7 (vulnerable). This chain is NOT in production code. +# +# Production rustls stack: tokio-rustls 0.26 -> rustls 0.23 -> rustls-webpki +# 0.103.13 (secure, all CVEs fixed). +# +# These ignores are justified because: +# 1. The vulnerable rustls-webpki 0.101.7 comes ONLY via dev-dependency +# azure_identity, not the production rustls feature +# 2. The production rustls feature uses rustls 0.23 with the secure +# rustls-webpki 0.103.13 +# 3. Upgrading azure_identity is out of scope -- it's an external dependency +# with its own constraints and not part of tiberius' public API surface + +[advisories] +ignore = [ + "RUSTSEC-2026-0098", + "RUSTSEC-2026-0099", + "RUSTSEC-2026-0104", +] diff --git a/Cargo.toml b/Cargo.toml index 0caaac815..4d079a9c5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -118,16 +118,11 @@ version = "1.12.0" optional = true [dependencies.tokio-rustls] -version = "0.24.0" -optional = true -features = ["dangerous_configuration"] - -[dependencies.rustls-pemfile] -version = "1" +version = "0.26" optional = true [dependencies.rustls-native-certs] -version = "0.6" +version = "0.8" optional = true [dependencies.opentls] @@ -199,6 +194,6 @@ sql-browser-tokio = ["tokio", "tokio-util"] sql-browser-smol = ["async-io", "async-net", "futures-lite"] integrated-auth-gssapi = ["libgssapi"] bigdecimal = ["bigdecimal_"] -rustls = ["tokio-rustls", "tokio-util", "rustls-pemfile", "rustls-native-certs"] +rustls = ["tokio-rustls", "tokio-util", "rustls-native-certs"] native-tls = ["async-native-tls"] vendored-openssl = ["opentls"] diff --git a/examples/aad-auth.rs b/examples/aad-auth.rs index 8ef41c472..e280a8b94 100644 --- a/examples/aad-auth.rs +++ b/examples/aad-auth.rs @@ -9,7 +9,6 @@ //! - TENANT_ID: tenant id of service principal and sql instance; //! - SERVER: SQL server URI use azure_identity::client_credentials_flow; -use oauth2::{ClientId, ClientSecret}; use std::{env, sync::Arc}; use tiberius::{AuthMethod, Client, Config, Query}; use tokio::net::TcpStream; @@ -17,16 +16,12 @@ use tokio_util::compat::TokioAsyncWriteCompatExt; #[tokio::main] async fn main() -> anyhow::Result<()> { - // following code will retrive token with AAD Service Principal Auth - let client_id = - ClientId::new(env::var("CLIENT_ID").expect("Missing CLIENT_ID environment variable.")); - let client_secret = ClientSecret::new( - env::var("CLIENT_SECRET").expect("Missing CLIENT_SECRET environment variable."), - ); + let client_id = env::var("CLIENT_ID").expect("Missing CLIENT_ID environment variable."); + let client_secret = + env::var("CLIENT_SECRET").expect("Missing CLIENT_SECRET environment variable."); let tenant_id = env::var("TENANT_ID").expect("Missing TENANT_ID environment variable."); let client = Arc::new(reqwest::Client::new()); - // This will give you the final token to use in authorization. let token = client_credentials_flow::perform( client, &client_id, @@ -41,7 +36,7 @@ async fn main() -> anyhow::Result<()> { config.host(server); config.port(1433); config.authentication(AuthMethod::AADToken( - token.access_token().secret().to_string(), + token.access_token().secret().to_owned(), )); config.trust_cert(); diff --git a/src/client/tls.rs b/src/client/tls.rs index 7a22d4333..3c8ff9bd7 100644 --- a/src/client/tls.rs +++ b/src/client/tls.rs @@ -4,18 +4,44 @@ feature = "vendored-openssl" ))] use super::tls_stream::TlsStream; +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] use crate::tds::{ codec::{Decode, Encode, PacketHeader, PacketStatus, PacketType}, HEADER_BYTES, }; +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] use bytes::BytesMut; use futures_util::io::{AsyncRead, AsyncWrite}; +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] use futures_util::ready; +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] +use std::cmp; use std::{ - cmp, io, + io, pin::Pin, task::{self, Poll}, }; +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] use tracing::{event, Level}; /// A wrapper to handle either TLS or bare connections. @@ -114,6 +140,11 @@ impl AsyncWrite for MaybeTlsStream /// /// What it does is it interferes on handshake for TDS packet handling, /// and when complete, just passes the calls to the underlying connection. +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] pub(crate) struct TlsPreloginWrapper { stream: Option, pending_handshake: bool, @@ -150,6 +181,11 @@ impl TlsPreloginWrapper { } } +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] impl AsyncRead for TlsPreloginWrapper { fn poll_read( mut self: Pin<&mut Self>, @@ -212,6 +248,11 @@ impl AsyncRead for TlsPreloginWrapper< } } +#[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" +))] impl AsyncWrite for TlsPreloginWrapper { fn poll_write( mut self: Pin<&mut Self>, diff --git a/src/client/tls_stream/rustls_tls_stream.rs b/src/client/tls_stream/rustls_tls_stream.rs index e417583a6..152fe01f9 100644 --- a/src/client/tls_stream/rustls_tls_stream.rs +++ b/src/client/tls_stream/rustls_tls_stream.rs @@ -9,16 +9,17 @@ use std::{ pin::Pin, sync::Arc, task::{Context, Poll}, - time::SystemTime, }; use tokio_rustls::{ rustls::{ client::{ - HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, - WantsTransparencyPolicyOrClientCert, + danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}, + WantsClientCert, }, - Certificate, ClientConfig, ConfigBuilder, DigitallySignedStruct, Error as RustlsError, - RootCertStore, ServerName, WantsVerifier, + crypto::aws_lc_rs, + pki_types::{pem::PemObject, CertificateDer, ServerName, UnixTime}, + version, ClientConfig, ConfigBuilder, DigitallySignedStruct, Error as RustlsError, + RootCertStore, SignatureScheme, WantsVerifier, }, TlsConnector, }; @@ -35,17 +36,17 @@ pub(crate) struct TlsStream( Compat>>, ); +#[derive(Debug)] struct NoCertVerifier; impl ServerCertVerifier for NoCertVerifier { fn verify_server_cert( &self, - _end_entity: &Certificate, - _intermediates: &[Certificate], - _server_name: &ServerName, - _scts: &mut dyn Iterator, + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], + _server_name: &ServerName<'_>, _ocsp_response: &[u8], - _now: SystemTime, + _now: UnixTime, ) -> Result { Ok(ServerCertVerified::assertion()) } @@ -53,16 +54,41 @@ impl ServerCertVerifier for NoCertVerifier { fn verify_tls12_signature( &self, _message: &[u8], - _cert: &Certificate, + _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result { Ok(HandshakeSignatureValid::assertion()) } + + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &CertificateDer<'_>, + _dss: &DigitallySignedStruct, + ) -> Result { + Ok(HandshakeSignatureValid::assertion()) + } + + fn supported_verify_schemes(&self) -> Vec { + vec![ + SignatureScheme::RSA_PKCS1_SHA256, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP521_SHA512, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::ED25519, + SignatureScheme::ED448, + ] + } } -fn get_server_name(config: &Config) -> crate::Result { +fn get_server_name(config: &Config) -> crate::Result> { match (ServerName::try_from(config.get_host()), &config.trust) { - (Ok(sn), _) => Ok(sn), + (Ok(sn), _) => Ok(sn.to_owned()), (Err(_), TrustConfig::TrustAll) => { Ok(ServerName::try_from("placeholder.domain.com").unwrap()) } @@ -74,36 +100,54 @@ impl TlsStream { pub(super) async fn new(config: &Config, stream: S) -> crate::Result { event!(Level::INFO, "Performing a TLS handshake"); - let builder = ClientConfig::builder().with_safe_defaults(); + let builder = ClientConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider())) + .with_protocol_versions(&[&version::TLS12]) + .map_err(|e| crate::Error::Tls(e.to_string()))?; let client_config = match &config.trust { TrustConfig::CaCertificateLocation(path) => { if let Ok(buf) = fs::read(path) { let cert = match path.extension() { - Some(ext) - if ext.to_ascii_lowercase() == "pem" - || ext.to_ascii_lowercase() == "crt" => - { - let pem_cert = rustls_pemfile::certs(&mut buf.as_slice())?; - if pem_cert.len() != 1 { - return Err(crate::Error::Io { - kind: IoErrorKind::InvalidInput, - message: format!("Certificate file {} contain 0 or more than 1 certs", path.to_string_lossy()), - }); - } - - Certificate(pem_cert.into_iter().next().unwrap()) - } - Some(ext) if ext.to_ascii_lowercase() == "der" => { - Certificate(buf) + Some(ext) + if ext.eq_ignore_ascii_case("pem") + || ext.eq_ignore_ascii_case("crt") => + { + let pem_certs: Vec< + CertificateDer<'static>, + > = CertificateDer::pem_slice_iter(&buf) + .collect::, _>>() + .map_err(|e| crate::Error::Io { + kind: IoErrorKind::InvalidData, + message: format!( + "Failed to parse PEM certificate: {e}" + ), + })?; + if pem_certs.len() != 1 { + return Err(crate::Error::Io { + kind: IoErrorKind::InvalidInput, + message: format!( + "Certificate file {} contain 0 or more than 1 certs", + path.to_string_lossy() + ), + }); } - Some(_) | None => return Err(crate::Error::Io { + + pem_certs.into_iter().next().unwrap() + } + Some(ext) + if ext.eq_ignore_ascii_case("der") => + { + CertificateDer::from(buf) + } + Some(_) | None => { + return Err(crate::Error::Io { kind: IoErrorKind::InvalidInput, message: "Provided CA certificate with unsupported file-extension! Supported types are pem, crt and der.".to_string(), - }), - }; + }) + } + }; let mut cert_store = RootCertStore::empty(); - cert_store.add(&cert)?; + cert_store.add(cert)?; builder .with_root_certificates(cert_store) .with_no_client_auth() @@ -119,14 +163,10 @@ impl TlsStream { Level::WARN, "Trusting the server certificate without validation." ); - let mut config = builder - .with_root_certificates(RootCertStore::empty()) - .with_no_client_auth(); - config + builder .dangerous() - .set_certificate_verifier(Arc::new(NoCertVerifier {})); - // config.enable_sni = false; - config + .with_custom_certificate_verifier(Arc::new(NoCertVerifier)) + .with_no_client_auth() } TrustConfig::Default => { event!(Level::INFO, "Using default trust configuration."); @@ -181,28 +221,26 @@ impl AsyncWrite for TlsStream { } trait ConfigBuilderExt { - fn with_native_roots(self) -> ConfigBuilder; + fn with_native_roots(self) -> ConfigBuilder; } impl ConfigBuilderExt for ConfigBuilder { - fn with_native_roots(self) -> ConfigBuilder { + fn with_native_roots(self) -> ConfigBuilder { let mut roots = RootCertStore::empty(); let mut valid_count = 0; let mut invalid_count = 0; for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs") { - let cert = Certificate(cert.0); - match roots.add(&cert) { + match roots.add(cert) { Ok(_) => valid_count += 1, Err(err) => { - tracing::event!(Level::TRACE, "invalid cert der {:?}", cert.0); - tracing::event!(Level::DEBUG, "certificate parsing failed: {:?}", err); + event!(Level::DEBUG, "certificate parsing failed: {:?}", err); invalid_count += 1 } } } - tracing::event!( + event!( Level::TRACE, "with_native_roots processed {} valid and {} invalid certs", valid_count, diff --git a/src/tds/codec/header.rs b/src/tds/codec/header.rs index 719fc158b..fcee5b09f 100644 --- a/src/tds/codec/header.rs +++ b/src/tds/codec/header.rs @@ -112,6 +112,11 @@ impl PacketHeader { self.status = status; } + #[cfg(any( + feature = "rustls", + feature = "native-tls", + feature = "vendored-openssl" + ))] pub fn set_type(&mut self, ty: PacketType) { self.ty = ty; } From 0e90db799ec372d2a634b6cf1bc9160c44126207 Mon Sep 17 00:00:00 2001 From: Jake Wimmer <283714808+jakewimmer@users.noreply.github.com> Date: Mon, 11 May 2026 21:31:27 -0700 Subject: [PATCH 2/4] chore(deps): bump azure_identity 0.5.0 -> 0.20.0 azure_core 0.20.0 switched from reqwest 0.11 to reqwest 0.12, which pulls in rustls 0.23 and rustls-webpki 0.103.13. Bumping azure_identity to 0.20.0 closes RUSTSEC-2026-0098, 0099, and 0104 in the dev build without any changes to the production stack. client_credentials_flow::perform now takes &str for the client secret. Updated aad-auth.rs to pass raw env var strings and dropped the oauth2 ClientId/ClientSecret wrappers. Also bump reqwest 0.11 -> 0.12 and oauth2 4.2.3 -> 5.0 in dev-dependencies to match. Remove .cargo/audit.toml - the suppressions are no longer needed. --- .cargo/audit.toml | 25 ------------------------- Cargo.toml | 6 +++--- 2 files changed, 3 insertions(+), 28 deletions(-) delete mode 100644 .cargo/audit.toml diff --git a/.cargo/audit.toml b/.cargo/audit.toml deleted file mode 100644 index 136c7dc0a..000000000 --- a/.cargo/audit.toml +++ /dev/null @@ -1,25 +0,0 @@ -# Cargo audit configuration -# -# IMPORTANT: The three CVEs below (RUSTSEC-2026-0098, 0099, 0104) are -# DEVELOPMENT DEPENDENCY ONLY and do NOT affect production users. -# -# Root cause: azure_identity (dev-dep only) -> reqwest 0.11 -> rustls 0.21 -> -# rustls-webpki 0.101.7 (vulnerable). This chain is NOT in production code. -# -# Production rustls stack: tokio-rustls 0.26 -> rustls 0.23 -> rustls-webpki -# 0.103.13 (secure, all CVEs fixed). -# -# These ignores are justified because: -# 1. The vulnerable rustls-webpki 0.101.7 comes ONLY via dev-dependency -# azure_identity, not the production rustls feature -# 2. The production rustls feature uses rustls 0.23 with the secure -# rustls-webpki 0.103.13 -# 3. Upgrading azure_identity is out of scope -- it's an external dependency -# with its own constraints and not part of tiberius' public API surface - -[advisories] -ignore = [ - "RUSTSEC-2026-0098", - "RUSTSEC-2026-0099", - "RUSTSEC-2026-0104", -] diff --git a/Cargo.toml b/Cargo.toml index 4d079a9c5..6ff693b02 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -161,10 +161,10 @@ path = "./runtimes-macro" names = "0.14" anyhow = "1" env_logger = "0.9" -azure_identity = "0.5.0" -oauth2 = "4.2.3" +azure_identity = "0.20.0" +oauth2 = "5.0" url = "2.2.2" -reqwest = "0.11.10" +reqwest = "0.12" paste = "1.0" indicatif = "0.17" chrono = "0.4.38" From 66030d255f5bbdc834e7cf9ee5e16d171a9e773b Mon Sep 17 00:00:00 2001 From: Jake Wimmer <283714808+jakewimmer@users.noreply.github.com> Date: Mon, 11 May 2026 15:54:39 -0700 Subject: [PATCH 3/4] ci: modernize GitHub Actions workflow Migrate the macOS runner to macos-26-intel and add docker/setup-docker-action so Docker is available for SQL Server. Replace all manual cargo cache steps with Swatinem/rust-cache and add a sanitization step that replaces commas with + to keep matrix variants isolated. --- .github/workflows/test.yml | 123 +++++++++++-------- docker-compose.yml | 4 + docker/certs/customCA.srl | 2 +- docker/certs/generate-signed-cert.sh | 4 +- docker/certs/server-full.crt | 54 ++++----- docker/certs/server.crt | 54 ++++----- docker/certs/server.key | 100 +++++++-------- docker/certs/server.pem | 154 ++++++++++++------------ docker/docker-azure-sql-edge.dockerfile | 11 +- docker/docker-mssql-2017.dockerfile | 7 +- docker/docker-mssql-2019.dockerfile | 11 +- docker/docker-mssql-2022.dockerfile | 11 +- 12 files changed, 292 insertions(+), 243 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fec4c17a0..072784c02 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,30 +8,32 @@ jobs: clippy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - components: clippy - override: true + persist-credentials: false + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 + with: + toolchain: stable + components: clippy + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 - name: Install dependencies run: sudo apt install -y openssl libkrb5-dev - - uses: actions-rs/clippy-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - args: --features=all + - name: Clippy + run: cargo clippy --features=all -- -D warnings format: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - components: rustfmt - override: true - - uses: mbrobbel/rustfmt-check@master + persist-credentials: false + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 with: - token: ${{ secrets.GITHUB_TOKEN }} + toolchain: stable + components: rustfmt + - name: Rustfmt + run: cargo fmt --check cargo-test-linux: runs-on: ubuntu-latest @@ -57,20 +59,27 @@ jobs: RUSTFLAGS: "-Dwarnings" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - - uses: actions-rs/toolchain@v1 + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 + with: + toolchain: stable - - uses: actions/cache@v2 + - name: Compute cache key + shell: bash + run: | + key="${{ matrix.features }}" + key="${key//,/+}" + echo "RUST_CACHE_KEY=$key" >> "$GITHUB_ENV" + + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ matrix.features }} + shared-key: ${{ env.RUST_CACHE_KEY }} - name: Start SQL Server ${{matrix.database}} - run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}} + run: DOCKER_BUILDKIT=1 docker compose -f docker-compose.yml up -d mssql-${{matrix.database}} - name: Install dependencies run: sudo apt install -y openssl libkrb5-dev @@ -96,41 +105,39 @@ jobs: TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 + with: + toolchain: stable - - uses: actions-rs/toolchain@v1 + - name: Compute cache key + shell: bash + run: | + key="${{ matrix.features }}" + key="${key//,/+}" + echo "RUST_CACHE_KEY=$key" >> "$GITHUB_ENV" + + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 + with: + shared-key: ${{ env.RUST_CACHE_KEY }} - name: Set required PowerShell modules id: psmodulecache - uses: potatoqualitee/psmodulecache@v1 + uses: potatoqualitee/psmodulecache@ee5e9494714abf56f6efbfa51527b2aec5c761b8 # v6.2.1 with: modules-to-cache: SqlServer - - name: Setup PowerShell module cache - id: cacher - uses: actions/cache@v2 - with: - path: ${{ steps.psmodulecache.outputs.modulepath }} - key: ${{ steps.psmodulecache.outputs.keygen }} - - name: Setup Chocolatey download cache id: chococache - uses: actions/cache@v2 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\ key: chocolatey-install - - name: Setup Cargo build cache - uses: actions/cache@v2 - with: - path: | - C:\Users\runneradmin\.cargo\registry - C:\Users\runneradmin\.cargo\git - target - key: ${{ runner.os }}-cargo - - name: Install required PowerShell modules - if: steps.cacher.outputs.cache-hit != 'true' shell: powershell run: | Set-PSRepository PSGallery -InstallationPolicy Trusted @@ -189,7 +196,7 @@ jobs: run: cargo test ${{matrix.features}} cargo-test-macos: - runs-on: macos-12 + runs-on: macos-26-intel strategy: fail-fast: false @@ -204,14 +211,32 @@ jobs: TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=SA;password=;TrustServerCertificate=true" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 + with: + toolchain: stable + + - name: Compute cache key + shell: bash + run: | + key="${{ matrix.features }}" + key="${key//,/+}" + echo "RUST_CACHE_KEY=$key" >> "$GITHUB_ENV" + + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 + with: + shared-key: ${{ env.RUST_CACHE_KEY }} - - uses: actions-rs/toolchain@v1 + - uses: docker/setup-docker-action@b2189fbf2a6592b51fee7cdd93ee2bfaeba733db # v5.1.0 - - uses: docker-practice/actions-setup-docker@master + - name: Install docker compose plugin + run: brew install docker-compose - name: Start SQL Server ${{matrix.database}} - run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}} + run: DOCKER_BUILDKIT=1 docker compose -f docker-compose.yml up -d mssql-${{matrix.database}} - name: Run tests run: cargo test ${{matrix.features}} diff --git a/docker-compose.yml b/docker-compose.yml index db5f3a39a..2aef9c6e4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,7 @@ version: "3" services: mssql-2022: + platform: linux/amd64 build: context: docker/ dockerfile: docker-mssql-2022.dockerfile @@ -12,6 +13,7 @@ services: - "1433:1433" mssql-2019: + platform: linux/amd64 build: context: docker/ dockerfile: docker-mssql-2019.dockerfile @@ -23,6 +25,7 @@ services: - "1433:1433" mssql-2017: + platform: linux/amd64 build: context: docker/ dockerfile: docker-mssql-2017.dockerfile @@ -34,6 +37,7 @@ services: - "1433:1433" mssql-azure-sql-edge: + platform: linux/amd64 build: context: docker/ dockerfile: docker-azure-sql-edge.dockerfile diff --git a/docker/certs/customCA.srl b/docker/certs/customCA.srl index 618df7789..a02a6570a 100644 --- a/docker/certs/customCA.srl +++ b/docker/certs/customCA.srl @@ -1 +1 @@ -0DAEECC45C07F5E06E0DD1B05115C3CFD1A46D9C +0DAEECC45C07F5E06E0DD1B05115C3CFD1A46D9D diff --git a/docker/certs/generate-signed-cert.sh b/docker/certs/generate-signed-cert.sh index dc3086f29..db3858cca 100755 --- a/docker/certs/generate-signed-cert.sh +++ b/docker/certs/generate-signed-cert.sh @@ -5,8 +5,10 @@ set -o pipefail # Skript creates a custom-signed certificate # Parameter1 = name of the cert +# Parameter2 = validity in days (default 1825) CERT_KEY_NAME=$1 +CERT_DAYS=${2:-1825} CERT_FILE=$CERT_KEY_NAME.crt export CERT_CN=$CERT_KEY_NAME @@ -32,7 +34,7 @@ openssl x509 -req \ -CAserial customCA.srl \ -out $CERT_FILE \ -passin file:passphrase.txt \ - -days 200 + -days $CERT_DAYS echo Generating PEM format openssl rsa -in ${CERT_KEY_NAME}.key -out ${CERT_KEY_NAME}-nopassword.key diff --git a/docker/certs/server-full.crt b/docker/certs/server-full.crt index 31ceafd70..1128cc190 100644 --- a/docker/certs/server-full.crt +++ b/docker/certs/server-full.crt @@ -1,33 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl +MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZ0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNjA1MTExOTA2MzlaFw0yNzExMDIxOTA2 +MzlaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN -/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw +CgKCAgEAqnTgLxZ/eCpB46PPJqOE2IJnopLlpkK2wfp/3b7Wqskiitnr3Llw6iuk +Z0UJQJ38kIkW/UqPiyIsjEfSsRFoGhb3KofTIRd+U7Xug3wLNU1HoxUJUvXKndPk +TOaTkxaHm7wBj4oHIrGuEZGoeOpzI1BeKhhxT3xoqnuA3DjR0umMcPLwsrN1Q4O8 ++RD0xZm1sKO/nSx2rN1UfD62MFf+YW2mkjBj7UQnsgANcm5aHHj9l9osPBtOTQ+I +da1ycsJIbOJ7LhfSCTzXN6a/cLuBtAWOdgmARQf1n/TX75AcPOVJCg3fyPVTYvq2 +eSfWrYbK6cnRCzI0Sdi2oP0gPHKU3pgGKPSg6sg/WFHvGQRkj+H5AhgkGSfAlghY +sECsduqLJaDZJ+2qxC6c4fGyCYRc29BzdrE51x6VzVL7nwMTVVUeSfRzE5QyrgNX +0TXJUv1qyjo4MG3cqLNRYo73Am8+jFaxCn+a5MKavKOAW+958bdS1NmfeZFXeydG +MCjufiRlF0GBESFnv7JIE+kgn1PYPIrcBbOp7UKAl8VS1bth97eeRIeR/tCyD50r +05b4xj98+KXGLWncPoQ8ojL+9wjagPlVodRJrR+E5HVvG6kN470jLbPaClerEjx8 +SqN8VWRb+J84TjL++DaL0kf7Mjyq5cMwhacYPQtPHULLqzoGL+0CAwEAAaN3MHUw FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e +BQcDAjAdBgNVHQ4EFgQUKTH2Ri4hNDGnL4ifUg7HEbEwhbQwHwYDVR0jBBgwFoAU +RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAByBbh6Mj+jp +z0Rb2vdiEV4sK0o+ad96p74ZJdiyeTLki8fLSxtKlnlrlhAzY/YFr49KQJKOzbHM +X1aoieL4Si72eprWREyNcXuD2N7tuVnw8/p3WpqW7IKBXSDDdqkdppc1B+LvTBwI ++FXSdou7dPuHgim8fHmoz/ogj+Zf1gvog3ohcnAtj9kN0zfQoBjeyjQ7v81uQ0sx +K8AO+yg/P/IWSNfzEMEGRxT91as9IrV+nmvIfe7k14ljDdJDsf+FRkea9UBOhtJW +G7cqFeWTCBV7W8bjFB0kBF9HE09E2B7hUtYZwOpVruhxXdy7WdzQzx8RWXG/bJnS +qML1bw+sdY+RtfbOr1jy8ctcAg+OmBbR0qLDQeuWlXqjTtxoHViMZpa6lNtIuD8+ +1e3+iFJ53djOSgSZ6XW163HI9353nrr1dXtlx7kdPZsb5Z3FXvL940rLiIx69ftR +dP4hP7iWstrUsrwnk6E3OmVwzc+pD8f72ztFhcqI81rmvgJ/MufGvaKoB254OibT +ng4pgs4NF2kKSFmqhXG1dTen2XRlg4ZecLrcCcotdcFX4qPEGcPjjQ4UEEaYhgFW +yWmTUWJEMO9BtqSxUFTZiQ8Ul0cJs16CyAC+oxGhaM92r7w/2xZ7fH4MHGyzJcm6 +WY7hfVHCK4+xjXMLn+k5qZYVEPUPe+0s -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE/zCCAuegAwIBAgIUATFLyERaRfsQiPasMC5l0vrBMUMwDQYJKoZIhvcNAQEL diff --git a/docker/certs/server.crt b/docker/certs/server.crt index 95e4d43e4..2804eb8af 100644 --- a/docker/certs/server.crt +++ b/docker/certs/server.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl +MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZ0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNjA1MTExOTA2MzlaFw0yNzExMDIxOTA2 +MzlaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN -/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw +CgKCAgEAqnTgLxZ/eCpB46PPJqOE2IJnopLlpkK2wfp/3b7Wqskiitnr3Llw6iuk +Z0UJQJ38kIkW/UqPiyIsjEfSsRFoGhb3KofTIRd+U7Xug3wLNU1HoxUJUvXKndPk +TOaTkxaHm7wBj4oHIrGuEZGoeOpzI1BeKhhxT3xoqnuA3DjR0umMcPLwsrN1Q4O8 ++RD0xZm1sKO/nSx2rN1UfD62MFf+YW2mkjBj7UQnsgANcm5aHHj9l9osPBtOTQ+I +da1ycsJIbOJ7LhfSCTzXN6a/cLuBtAWOdgmARQf1n/TX75AcPOVJCg3fyPVTYvq2 +eSfWrYbK6cnRCzI0Sdi2oP0gPHKU3pgGKPSg6sg/WFHvGQRkj+H5AhgkGSfAlghY +sECsduqLJaDZJ+2qxC6c4fGyCYRc29BzdrE51x6VzVL7nwMTVVUeSfRzE5QyrgNX +0TXJUv1qyjo4MG3cqLNRYo73Am8+jFaxCn+a5MKavKOAW+958bdS1NmfeZFXeydG +MCjufiRlF0GBESFnv7JIE+kgn1PYPIrcBbOp7UKAl8VS1bth97eeRIeR/tCyD50r +05b4xj98+KXGLWncPoQ8ojL+9wjagPlVodRJrR+E5HVvG6kN470jLbPaClerEjx8 +SqN8VWRb+J84TjL++DaL0kf7Mjyq5cMwhacYPQtPHULLqzoGL+0CAwEAAaN3MHUw FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e +BQcDAjAdBgNVHQ4EFgQUKTH2Ri4hNDGnL4ifUg7HEbEwhbQwHwYDVR0jBBgwFoAU +RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAByBbh6Mj+jp +z0Rb2vdiEV4sK0o+ad96p74ZJdiyeTLki8fLSxtKlnlrlhAzY/YFr49KQJKOzbHM +X1aoieL4Si72eprWREyNcXuD2N7tuVnw8/p3WpqW7IKBXSDDdqkdppc1B+LvTBwI ++FXSdou7dPuHgim8fHmoz/ogj+Zf1gvog3ohcnAtj9kN0zfQoBjeyjQ7v81uQ0sx +K8AO+yg/P/IWSNfzEMEGRxT91as9IrV+nmvIfe7k14ljDdJDsf+FRkea9UBOhtJW +G7cqFeWTCBV7W8bjFB0kBF9HE09E2B7hUtYZwOpVruhxXdy7WdzQzx8RWXG/bJnS +qML1bw+sdY+RtfbOr1jy8ctcAg+OmBbR0qLDQeuWlXqjTtxoHViMZpa6lNtIuD8+ +1e3+iFJ53djOSgSZ6XW163HI9353nrr1dXtlx7kdPZsb5Z3FXvL940rLiIx69ftR +dP4hP7iWstrUsrwnk6E3OmVwzc+pD8f72ztFhcqI81rmvgJ/MufGvaKoB254OibT +ng4pgs4NF2kKSFmqhXG1dTen2XRlg4ZecLrcCcotdcFX4qPEGcPjjQ4UEEaYhgFW +yWmTUWJEMO9BtqSxUFTZiQ8Ul0cJs16CyAC+oxGhaM92r7w/2xZ7fH4MHGyzJcm6 +WY7hfVHCK4+xjXMLn+k5qZYVEPUPe+0s -----END CERTIFICATE----- diff --git a/docker/certs/server.key b/docker/certs/server.key index 7e60bb02e..71c4e52fd 100644 --- a/docker/certs/server.key +++ b/docker/certs/server.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx -o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2 -CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ -CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz -M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8 -AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA -OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB -oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS -10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr -cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb -AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR -p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd -ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh -Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD -XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS -AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y -ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE -9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0 -rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3 -dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2 -o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE -QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+ -HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf -SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K -RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y -AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw -y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I -Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT -jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ -lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK -A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ -Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg -AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME -J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX -cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz -rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt -uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj -84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J -0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn -DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv -udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt -qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI -P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht -0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j -AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK -lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp -l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY -6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7 -H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf -Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCqdOAvFn94KkHj +o88mo4TYgmeikuWmQrbB+n/dvtaqySKK2evcuXDqK6RnRQlAnfyQiRb9So+LIiyM +R9KxEWgaFvcqh9MhF35Tte6DfAs1TUejFQlS9cqd0+RM5pOTFoebvAGPigcisa4R +kah46nMjUF4qGHFPfGiqe4DcONHS6Yxw8vCys3VDg7z5EPTFmbWwo7+dLHas3VR8 +PrYwV/5hbaaSMGPtRCeyAA1ybloceP2X2iw8G05ND4h1rXJywkhs4nsuF9IJPNc3 +pr9wu4G0BY52CYBFB/Wf9NfvkBw85UkKDd/I9VNi+rZ5J9athsrpydELMjRJ2Lag +/SA8cpTemAYo9KDqyD9YUe8ZBGSP4fkCGCQZJ8CWCFiwQKx26osloNkn7arELpzh +8bIJhFzb0HN2sTnXHpXNUvufAxNVVR5J9HMTlDKuA1fRNclS/WrKOjgwbdyos1Fi +jvcCbz6MVrEKf5rkwpq8o4Bb73nxt1LU2Z95kVd7J0YwKO5+JGUXQYERIWe/skgT +6SCfU9g8itwFs6ntQoCXxVLVu2H3t55Eh5H+0LIPnSvTlvjGP3z4pcYtadw+hDyi +Mv73CNqA+VWh1EmtH4TkdW8bqQ3jvSMts9oKV6sSPHxKo3xVZFv4nzhOMv74NovS +R/syPKrlwzCFpxg9C08dQsurOgYv7QIDAQABAoICADtlW4L893DzZJ9Cgtnna9CX +7C3Zux0qrQ090RV/PMUpLhitJAN3ONHYYEK96yHxi0MAChs7wnYMc/JzyoZ51skU +jI7s4lRrH9FimViGvk8V/SrmFygpzq8dWTW0uOKtnJZXNkICqkbcHBgyJb7wjytU +g2NuvfkhFEWnoHjccbzpNc9b0CSs5OUgQBaX4nsCey2weYH2runAfAKJRanl15Wy +hDL3mrJgJ+beHtFrg4ndXRxvYS+Woju2+GltBW7YpS0P5DVlBoLCiQny2E2bgPAu +aXxXBjPHuL7CrgXjtPtBOCjBOeQIHETmsPPZvnQb/pPlh6q7lT3QPp8tZPC7SoUN +t20ISZWgo74qt1gzisCNJ/GjmI0QiS96hKGw9iMYnJjZNFuUZx7oZDP3JnTFffwA +Ks9MAskUu1rxc+4H+PpGj+z4+0fq9iYEZ4EPWSreB+mt117xzlbUJlfGlmfa4O5A +srtLae/JIQJsefU+yBzXix+tPngSbiexxcYKiOsRqpoWdz+Prjq+v07pQO6IXt47 +9DDW9RtfkFDiqchoqQHfYb1p05vPqJltwTJVwiLaGBCdqkZYWZjYFIJeMNpgYhlM +2h9YdQVBdbRf554UHW1zXlmkRyD0jrI5MKmPqwl5hIFvPdhWb16V3At6Fj7Ky0VO +vzHI3QbDDj1N2pzpXSQfAoIBAQDmI8Sdumi9zaGffwHPrsTosa+btDri3fyEyeOm +3ZsbLYGos8sJdGLMdf+XvTF+4i+yw+pAtN7teUbbgLaJv00NjKA5QSp+RYKNmpWH +cMkSEQloGBZnFDqk1NRuTQ6LvQmr4Isxdg5wugFXBtvwmC7BjMzvE6pH1usubDAY +8zv2By0W63IX01WKWRkFRoSF74XoJjc0fjngW8csqhr103DihapNkSkTU6HIVvau +CvjKclkdZ2YMeGh7fNwkthA8oZcdHneeQwzJzFPFEg/juk/ggFsmB6U5U3wA1awh +ac0KWit0qN0nmZ8GAEh4KWSwu3am9yw50MvRC9AvCTdfzjU/AoIBAQC9nEDF360l +ldoGtEhiz/HuEYs/g3B3BnXvsH6YGEXpOyFt/XUNTQboBw39Csy7v1FOgJnavXHw +b3HQcIFaZNEUmZO0UgAnQxzHmGQ2gGCKYUAb4cDb85N/n2+y0Fen1jlOhvs7RlBh +atnaIfaXJ/xqcXy/5UTA5396KSPkYsE8WA34gUwG+cnldPYvy/W9gn4jeHNIrzsi +1R9kfDxcg2IqU056oR8P6PZ3tSSToxMb1Q8QtBC2FFwWpU0xDO0372DvSOcW61am +otYSoDp7FO3XmtuJl7UW5wuWZHoD86iJBcPGZnwIbEJbjo5BUF9HHZoOWIqIPGYf +f6tO9g+cm3PTAoIBADDbXQ1DGqNYuTwcAW1uo9zmg+phO7MX/1jNZ2fwWdJOOd1v +teXe8G6JimZTQuO17vxbfSqZe04c1f8ZdycNFrWOqiEdhYDjDtEzBRWIyxbryPxx +SKg/cie2CxcTgsgFrLzxYXtxnaUux8QK77xHAn4SfxsuKJMxvCHR0/AoCw2y/k6E +U2dddSZ2vcoR62ZnsBzVqBibx3uq4EDKKAkSBz//smTfMUIqGglm9N2D9Mc9uU91 +uQNiuIOmwTGF+TJ195e19R0DDP72Qr5ulDL7RaPae/851kiyQXwH4JADXwUYmWsd +wj167nierMPdvcOLOKg/hwMLIYnSoTKrGTdclo8CggEBAKyzIRwZeu986bSpiDTY +Chc4y4fyBAGlVM4YB3YoxaSFQxGXhYGz4tJ7enY72/Y1b6z83SWq35iLKTMdBfR7 +VyRYLXxUI+ee7Ruu5bfufgAMTAQZPzwXQwU/BtHriatJJ7EqqLF4fcX9OKfBv4Q1 +22ZoL6PpAxJgyG9QAW0HtdFssmzh94lzAj2IpqMqNo2Bybos/3P4hvhW/dzce24Y +DNVYQ2bWUiB/o92sk8AVDFaRXMNt/rqZGLdXoFNI3tfPpI7N7A2oFKh6MFmOrzVj +/q4eUk+kakCN+LPmmGv5Bkynf4W52schM9+InHFI7z8q6yKd6q/js3CFLFcjL10J +ChkCggEAFXZjrjb0iAF34Oel0tCsH8Vm0td7wgIOov0YZSoafRQRbBN1uFyLIjOl +5kuK5vGGHIFSr+4fsD+GsDKXf9D0NCp7E+kPKKfsS7HobDcZ/FshhxxxcmSp6KbZ +Cs2AaMwq1wW2lyQtFDxLsR7ACWfp1MvT6ZpaPE/4bVW325Bsav1qf/HmqGP82KCO +d0FesLXKZ41hJHyYENkIjXzglAL25TOum19A+8digoI6tuCeOodEuMvME6AgW0EC +NyVO+NrVA4YqkOklwLeoTrvpzSQ+TymgMKM36rcnR/zSUIIAVfa7maEmRUgN+YlG +6FJg2C5WHHHhAOWiS+gM1HBaeLSLwA== -----END PRIVATE KEY----- diff --git a/docker/certs/server.pem b/docker/certs/server.pem index 7acbb192f..4fc2c9526 100644 --- a/docker/certs/server.pem +++ b/docker/certs/server.pem @@ -1,83 +1,83 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx -o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2 -CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ -CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz -M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8 -AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA -OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB -oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS -10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr -cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb -AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR -p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd -ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh -Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD -XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS -AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y -ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE -9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0 -rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3 -dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2 -o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE -QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+ -HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf -SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K -RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y -AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw -y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I -Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT -jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ -lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK -A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ -Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg -AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME -J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX -cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz -rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt -uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj -84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J -0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn -DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv -udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt -qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI -P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht -0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j -AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK -lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp -l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY -6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7 -H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf -Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCqdOAvFn94KkHj +o88mo4TYgmeikuWmQrbB+n/dvtaqySKK2evcuXDqK6RnRQlAnfyQiRb9So+LIiyM +R9KxEWgaFvcqh9MhF35Tte6DfAs1TUejFQlS9cqd0+RM5pOTFoebvAGPigcisa4R +kah46nMjUF4qGHFPfGiqe4DcONHS6Yxw8vCys3VDg7z5EPTFmbWwo7+dLHas3VR8 +PrYwV/5hbaaSMGPtRCeyAA1ybloceP2X2iw8G05ND4h1rXJywkhs4nsuF9IJPNc3 +pr9wu4G0BY52CYBFB/Wf9NfvkBw85UkKDd/I9VNi+rZ5J9athsrpydELMjRJ2Lag +/SA8cpTemAYo9KDqyD9YUe8ZBGSP4fkCGCQZJ8CWCFiwQKx26osloNkn7arELpzh +8bIJhFzb0HN2sTnXHpXNUvufAxNVVR5J9HMTlDKuA1fRNclS/WrKOjgwbdyos1Fi +jvcCbz6MVrEKf5rkwpq8o4Bb73nxt1LU2Z95kVd7J0YwKO5+JGUXQYERIWe/skgT +6SCfU9g8itwFs6ntQoCXxVLVu2H3t55Eh5H+0LIPnSvTlvjGP3z4pcYtadw+hDyi +Mv73CNqA+VWh1EmtH4TkdW8bqQ3jvSMts9oKV6sSPHxKo3xVZFv4nzhOMv74NovS +R/syPKrlwzCFpxg9C08dQsurOgYv7QIDAQABAoICADtlW4L893DzZJ9Cgtnna9CX +7C3Zux0qrQ090RV/PMUpLhitJAN3ONHYYEK96yHxi0MAChs7wnYMc/JzyoZ51skU +jI7s4lRrH9FimViGvk8V/SrmFygpzq8dWTW0uOKtnJZXNkICqkbcHBgyJb7wjytU +g2NuvfkhFEWnoHjccbzpNc9b0CSs5OUgQBaX4nsCey2weYH2runAfAKJRanl15Wy +hDL3mrJgJ+beHtFrg4ndXRxvYS+Woju2+GltBW7YpS0P5DVlBoLCiQny2E2bgPAu +aXxXBjPHuL7CrgXjtPtBOCjBOeQIHETmsPPZvnQb/pPlh6q7lT3QPp8tZPC7SoUN +t20ISZWgo74qt1gzisCNJ/GjmI0QiS96hKGw9iMYnJjZNFuUZx7oZDP3JnTFffwA +Ks9MAskUu1rxc+4H+PpGj+z4+0fq9iYEZ4EPWSreB+mt117xzlbUJlfGlmfa4O5A +srtLae/JIQJsefU+yBzXix+tPngSbiexxcYKiOsRqpoWdz+Prjq+v07pQO6IXt47 +9DDW9RtfkFDiqchoqQHfYb1p05vPqJltwTJVwiLaGBCdqkZYWZjYFIJeMNpgYhlM +2h9YdQVBdbRf554UHW1zXlmkRyD0jrI5MKmPqwl5hIFvPdhWb16V3At6Fj7Ky0VO +vzHI3QbDDj1N2pzpXSQfAoIBAQDmI8Sdumi9zaGffwHPrsTosa+btDri3fyEyeOm +3ZsbLYGos8sJdGLMdf+XvTF+4i+yw+pAtN7teUbbgLaJv00NjKA5QSp+RYKNmpWH +cMkSEQloGBZnFDqk1NRuTQ6LvQmr4Isxdg5wugFXBtvwmC7BjMzvE6pH1usubDAY +8zv2By0W63IX01WKWRkFRoSF74XoJjc0fjngW8csqhr103DihapNkSkTU6HIVvau +CvjKclkdZ2YMeGh7fNwkthA8oZcdHneeQwzJzFPFEg/juk/ggFsmB6U5U3wA1awh +ac0KWit0qN0nmZ8GAEh4KWSwu3am9yw50MvRC9AvCTdfzjU/AoIBAQC9nEDF360l +ldoGtEhiz/HuEYs/g3B3BnXvsH6YGEXpOyFt/XUNTQboBw39Csy7v1FOgJnavXHw +b3HQcIFaZNEUmZO0UgAnQxzHmGQ2gGCKYUAb4cDb85N/n2+y0Fen1jlOhvs7RlBh +atnaIfaXJ/xqcXy/5UTA5396KSPkYsE8WA34gUwG+cnldPYvy/W9gn4jeHNIrzsi +1R9kfDxcg2IqU056oR8P6PZ3tSSToxMb1Q8QtBC2FFwWpU0xDO0372DvSOcW61am +otYSoDp7FO3XmtuJl7UW5wuWZHoD86iJBcPGZnwIbEJbjo5BUF9HHZoOWIqIPGYf +f6tO9g+cm3PTAoIBADDbXQ1DGqNYuTwcAW1uo9zmg+phO7MX/1jNZ2fwWdJOOd1v +teXe8G6JimZTQuO17vxbfSqZe04c1f8ZdycNFrWOqiEdhYDjDtEzBRWIyxbryPxx +SKg/cie2CxcTgsgFrLzxYXtxnaUux8QK77xHAn4SfxsuKJMxvCHR0/AoCw2y/k6E +U2dddSZ2vcoR62ZnsBzVqBibx3uq4EDKKAkSBz//smTfMUIqGglm9N2D9Mc9uU91 +uQNiuIOmwTGF+TJ195e19R0DDP72Qr5ulDL7RaPae/851kiyQXwH4JADXwUYmWsd +wj167nierMPdvcOLOKg/hwMLIYnSoTKrGTdclo8CggEBAKyzIRwZeu986bSpiDTY +Chc4y4fyBAGlVM4YB3YoxaSFQxGXhYGz4tJ7enY72/Y1b6z83SWq35iLKTMdBfR7 +VyRYLXxUI+ee7Ruu5bfufgAMTAQZPzwXQwU/BtHriatJJ7EqqLF4fcX9OKfBv4Q1 +22ZoL6PpAxJgyG9QAW0HtdFssmzh94lzAj2IpqMqNo2Bybos/3P4hvhW/dzce24Y +DNVYQ2bWUiB/o92sk8AVDFaRXMNt/rqZGLdXoFNI3tfPpI7N7A2oFKh6MFmOrzVj +/q4eUk+kakCN+LPmmGv5Bkynf4W52schM9+InHFI7z8q6yKd6q/js3CFLFcjL10J +ChkCggEAFXZjrjb0iAF34Oel0tCsH8Vm0td7wgIOov0YZSoafRQRbBN1uFyLIjOl +5kuK5vGGHIFSr+4fsD+GsDKXf9D0NCp7E+kPKKfsS7HobDcZ/FshhxxxcmSp6KbZ +Cs2AaMwq1wW2lyQtFDxLsR7ACWfp1MvT6ZpaPE/4bVW325Bsav1qf/HmqGP82KCO +d0FesLXKZ41hJHyYENkIjXzglAL25TOum19A+8digoI6tuCeOodEuMvME6AgW0EC +NyVO+NrVA4YqkOklwLeoTrvpzSQ+TymgMKM36rcnR/zSUIIAVfa7maEmRUgN+YlG +6FJg2C5WHHHhAOWiS+gM1HBaeLSLwA== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl +MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZ0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNjA1MTExOTA2MzlaFw0yNzExMDIxOTA2 +MzlaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN -/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw +CgKCAgEAqnTgLxZ/eCpB46PPJqOE2IJnopLlpkK2wfp/3b7Wqskiitnr3Llw6iuk +Z0UJQJ38kIkW/UqPiyIsjEfSsRFoGhb3KofTIRd+U7Xug3wLNU1HoxUJUvXKndPk +TOaTkxaHm7wBj4oHIrGuEZGoeOpzI1BeKhhxT3xoqnuA3DjR0umMcPLwsrN1Q4O8 ++RD0xZm1sKO/nSx2rN1UfD62MFf+YW2mkjBj7UQnsgANcm5aHHj9l9osPBtOTQ+I +da1ycsJIbOJ7LhfSCTzXN6a/cLuBtAWOdgmARQf1n/TX75AcPOVJCg3fyPVTYvq2 +eSfWrYbK6cnRCzI0Sdi2oP0gPHKU3pgGKPSg6sg/WFHvGQRkj+H5AhgkGSfAlghY +sECsduqLJaDZJ+2qxC6c4fGyCYRc29BzdrE51x6VzVL7nwMTVVUeSfRzE5QyrgNX +0TXJUv1qyjo4MG3cqLNRYo73Am8+jFaxCn+a5MKavKOAW+958bdS1NmfeZFXeydG +MCjufiRlF0GBESFnv7JIE+kgn1PYPIrcBbOp7UKAl8VS1bth97eeRIeR/tCyD50r +05b4xj98+KXGLWncPoQ8ojL+9wjagPlVodRJrR+E5HVvG6kN470jLbPaClerEjx8 +SqN8VWRb+J84TjL++DaL0kf7Mjyq5cMwhacYPQtPHULLqzoGL+0CAwEAAaN3MHUw FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e +BQcDAjAdBgNVHQ4EFgQUKTH2Ri4hNDGnL4ifUg7HEbEwhbQwHwYDVR0jBBgwFoAU +RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAByBbh6Mj+jp +z0Rb2vdiEV4sK0o+ad96p74ZJdiyeTLki8fLSxtKlnlrlhAzY/YFr49KQJKOzbHM +X1aoieL4Si72eprWREyNcXuD2N7tuVnw8/p3WpqW7IKBXSDDdqkdppc1B+LvTBwI ++FXSdou7dPuHgim8fHmoz/ogj+Zf1gvog3ohcnAtj9kN0zfQoBjeyjQ7v81uQ0sx +K8AO+yg/P/IWSNfzEMEGRxT91as9IrV+nmvIfe7k14ljDdJDsf+FRkea9UBOhtJW +G7cqFeWTCBV7W8bjFB0kBF9HE09E2B7hUtYZwOpVruhxXdy7WdzQzx8RWXG/bJnS +qML1bw+sdY+RtfbOr1jy8ctcAg+OmBbR0qLDQeuWlXqjTtxoHViMZpa6lNtIuD8+ +1e3+iFJ53djOSgSZ6XW163HI9353nrr1dXtlx7kdPZsb5Z3FXvL940rLiIx69ftR +dP4hP7iWstrUsrwnk6E3OmVwzc+pD8f72ztFhcqI81rmvgJ/MufGvaKoB254OibT +ng4pgs4NF2kKSFmqhXG1dTen2XRlg4ZecLrcCcotdcFX4qPEGcPjjQ4UEEaYhgFW +yWmTUWJEMO9BtqSxUFTZiQ8Ul0cJs16CyAC+oxGhaM92r7w/2xZ7fH4MHGyzJcm6 +WY7hfVHCK4+xjXMLn+k5qZYVEPUPe+0s -----END CERTIFICATE----- diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-azure-sql-edge.dockerfile index 14279c405..33246f7b1 100644 --- a/docker/docker-azure-sql-edge.dockerfile +++ b/docker/docker-azure-sql-edge.dockerfile @@ -1,5 +1,10 @@ FROM mcr.microsoft.com/azure-sql-edge:latest -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf +USER root +COPY certs/server.* /certs/ +RUN chmod 440 /certs/server.* +COPY certs/customCA.* /certs/ +RUN chmod 440 /certs/customCA.* +COPY docker-mssql.conf /var/opt/mssql/mssql.conf +RUN chown mssql /var/opt/mssql/mssql.conf +USER mssql diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile index 28a3dd4f4..ec4ccf451 100644 --- a/docker/docker-mssql-2017.dockerfile +++ b/docker/docker-mssql-2017.dockerfile @@ -1,5 +1,8 @@ FROM mcr.microsoft.com/mssql/server:2017-latest -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ +USER root +COPY certs/server.* /certs/ +RUN chmod 440 /certs/server.* +COPY certs/customCA.* /certs/ +RUN chmod 440 /certs/customCA.* COPY docker-mssql.conf /var/opt/mssql/mssql.conf diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile index 02ffdec0d..458bdccdb 100644 --- a/docker/docker-mssql-2019.dockerfile +++ b/docker/docker-mssql-2019.dockerfile @@ -1,5 +1,10 @@ FROM mcr.microsoft.com/mssql/server:2019-latest -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf +USER root +COPY certs/server.* /certs/ +RUN chmod 440 /certs/server.* +COPY certs/customCA.* /certs/ +RUN chmod 440 /certs/customCA.* +COPY docker-mssql.conf /var/opt/mssql/mssql.conf +RUN chown mssql /var/opt/mssql/mssql.conf +USER mssql diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile index 930d3026c..c625677d5 100644 --- a/docker/docker-mssql-2022.dockerfile +++ b/docker/docker-mssql-2022.dockerfile @@ -1,5 +1,10 @@ FROM mcr.microsoft.com/mssql/server:2022-latest -COPY --chmod=444 certs/server.* /certs/ -COPY --chmod=444 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf +USER root +COPY certs/server.* /certs/ +RUN chmod 444 /certs/server.* +COPY certs/customCA.* /certs/ +RUN chmod 444 /certs/customCA.* +COPY docker-mssql.conf /var/opt/mssql/mssql.conf +RUN chown mssql /var/opt/mssql/mssql.conf +USER mssql From 6247684d8c2070760b8e2e9b48fc83f814708eed Mon Sep 17 00:00:00 2001 From: Jake Wimmer <283714808+jakewimmer@users.noreply.github.com> Date: Tue, 12 May 2026 08:46:56 -0700 Subject: [PATCH 4/4] test: port stranded async-std tests to #[test_on_runtimes] Two tests written before #[test_on_runtimes] existed and never updated. cyrillic_collations_should_work previously created a dedicated database with a Cyrillic default collation, requiring an admin connection and DROP DATABASE at teardown. The DROP raced against open connections on macOS/rustls CI, causing flaky failures. Replace with a session-local temp table using column-level COLLATE clauses. The code path under test (COLMETADATA collation -> encoding_rs decode) is identical. application_name_should_be_set_correctly needed the application name set before connecting. Add APP_NAME_CONN_STR embedding it in the connection string so the macro-generated harness connects with it set. --- tests/query.rs | 131 +++++++++++++++++++------------------------------ 1 file changed, 51 insertions(+), 80 deletions(-) diff --git a/tests/query.rs b/tests/query.rs index 4cf3c62bd..0a7b120e4 100644 --- a/tests/query.rs +++ b/tests/query.rs @@ -40,6 +40,9 @@ async fn random_table() -> String { static DOT_CONN_STR: Lazy = Lazy::new(|| CONN_STR.replace("localhost", ".")); +static APP_NAME_CONN_STR: Lazy = + Lazy::new(|| format!("{};Application Name=meow", *CONN_STR)); + static ENCRYPTED_CONN_STR: Lazy = Lazy::new(|| format!("{};encrypt=true", *CONN_STR)); static PLAIN_TEXT_CONN_STR: Lazy = @@ -2685,94 +2688,62 @@ where Ok(()) } -#[test] -#[cfg(feature = "sql-browser-async-std")] -fn cyrillic_collations_should_work() -> Result<()> { - LOGGER_SETUP.call_once(|| { - env_logger::init(); - }); - - async_std::task::block_on(async { - let mut admin = { - let config = tiberius::Config::from_ado_string(&CONN_STR)?; - - let tcp = async_std::net::TcpStream::connect(config.get_addr()).await?; - tcp.set_nodelay(true)?; - - tiberius::Client::connect(config, tcp).await? - }; +#[test_on_runtimes] +async fn cyrillic_collations_should_work(mut conn: tiberius::Client) -> Result<()> +where + S: AsyncRead + AsyncWrite + Unpin + Send, +{ + conn.simple_query( + "CREATE TABLE #cyrillic_test ( + single CHAR(1) COLLATE Cyrillic_General_CI_AS, + multi VARCHAR(255) COLLATE Cyrillic_General_CI_AS, + huge TEXT COLLATE Cyrillic_General_CI_AS + )", + ) + .await?; - admin - .simple_query("CREATE DATABASE ru_test COLLATE Cyrillic_General_CI_AS") - .await?; + conn.execute( + "INSERT INTO #cyrillic_test (single, multi, huge) VALUES (@P1, @P2, @P3)", + &[ + &"Ж", + &"В Советском Союзе попытки борьбы с пьянством предпринимались не единожды. Первая антиалкогольная", + &"Первая антиалкогольная", + ], + ) + .await?; - { - let mut client = { - let mut config = tiberius::Config::from_ado_string(&CONN_STR)?; - config.database("ru_test"); - - let tcp = async_std::net::TcpStream::connect(config.get_addr()).await?; - tcp.set_nodelay(true)?; - - tiberius::Client::connect(config, tcp).await? - }; - - client - .simple_query( - "CREATE TABLE test (id INT IDENTITY PRIMARY KEY, single CHAR(1), multi VARCHAR(255), huge TEXT)", - ) - .await?; - - client.execute( - "INSERT INTO test (single, multi, huge) VALUES (@P1, @P2, @P3)", - &[&"Ж", &"В Советском Союзе попытки борьбы с пьянством предпринимались не единожды. Первая антиалкогольная", &"Первая антиалкогольная"] - ).await?; - - let row = client - .query("SELECT single, multi, huge FROM test", &[]) - .await? - .into_row() - .await? - .unwrap(); - - assert_eq!(Some("Ж"), row.get(0)); - assert_eq!(Some("В Советском Союзе попытки борьбы с пьянством предпринимались не единожды. Первая антиалкогольная"), row.get(1)); - assert_eq!(Some("Первая антиалкогольная"), row.get(2)); - } + let row = conn + .query("SELECT single, multi, huge FROM #cyrillic_test", &[]) + .await? + .into_row() + .await? + .unwrap(); - admin.simple_query("DROP DATABASE ru_test").await?; + assert_eq!(Some("Ж"), row.get(0)); + assert_eq!( + Some("В Советском Союзе попытки борьбы с пьянством предпринимались не единожды. Первая антиалкогольная"), + row.get(1) + ); + assert_eq!(Some("Первая антиалкогольная"), row.get(2)); - Ok(()) - }) + Ok(()) } -#[test] -#[cfg(feature = "sql-browser-async-std")] -fn application_name_should_be_set_correctly() -> Result<()> { - LOGGER_SETUP.call_once(|| { - env_logger::init(); - }); - - async_std::task::block_on(async { - let mut config = tiberius::Config::from_ado_string(&CONN_STR)?; - config.application_name("meow"); - - let tcp = async_std::net::TcpStream::connect(config.get_addr()).await?; - tcp.set_nodelay(true)?; - - let mut client = tiberius::Client::connect(config, tcp).await?; - - let row = client - .query("SELECT APP_NAME()", &[]) - .await? - .into_row() - .await? - .unwrap(); +#[test_on_runtimes(connection_string = "APP_NAME_CONN_STR")] +async fn application_name_should_be_set_correctly(mut conn: tiberius::Client) -> Result<()> +where + S: AsyncRead + AsyncWrite + Unpin + Send, +{ + let row = conn + .query("SELECT APP_NAME()", &[]) + .await? + .into_row() + .await? + .unwrap(); - assert_eq!(Some("meow"), row.get(0)); + assert_eq!(Some("meow"), row.get(0)); - Ok(()) - }) + Ok(()) } #[test_on_runtimes]