From 232fe820a533a94479b1625c3ea772cf51108715 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Wed, 1 Oct 2025 06:29:04 +0000
Subject: [PATCH 01/27] Fixed pipelines

Tokio-rustls 0.26.4

Cache v4

Docker compose

Docker compose

Docker compose

Docker compose

Docker compose errors

Docker compose errors

Docker compose errors

Docker compose errors

Docker compose errors

Docker compose errors

Syntax fix

Syntax fix

Syntax fix

Syntax fix

Syntax fix

cache v4

features changes

Format Rust code using rustfmt

features changes

features changes

features changes

Format Rust code using rustfmt

features changes

Format Rust code using rustfmt

features changes

features changes

features changes

Format Rust code using rustfmt

features changes

features changes

NOW CHANGING TOKIO RUSTLS VERSION TO 0.26.4

Pipeline fixed

Macos-latest

Remove docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

docker-compose

mac os apple container

mac os apple container

mac os apple container

resetting

resetting

resetting

resetting

resetting

resetting

resetting

reset

reset

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

reset with more tests

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Removing docker-compose.yml due to the new testing process

Clean up

Clean up

Clean up

Clean up

Clean up

Clean up

Clean up

Clean up

Clean up

Clean up

Xtask layout

Format Rust code using rustfmt

Xtask layout

Xtask layout

Format Rust code using rustfmt

Testing w/o Xtask

Testing w/o Xtask

Format Rust code using rustfmt

Testing w/o Xtask

Testing w/o Xtask

Format Rust code using rustfmt

Testing w/o Xtask

Testing w/o Xtask

Testing w/o Xtask

Testing w/o Xtask

Squashed

Documentation

Format Rust code using rustfmt

Xtask

Xtask

Xtask

Xtask

Formatting

xtask

xtask

xtask

xtask

Format Rust code using rustfmt

xtask

Format Rust code using rustfmt

xtask

Format Rust code using rustfmt

xtask

xtask

xtask

error fixing

error fixing

xtask

xtask

xtask

xtask

adding local

fixing

Using xtask

Using xtask w/ local

Using xtask w/ local

Using xtask w/ local + test

Using xtask w/ local + test

Xtask work
---
 .cargo/config.toml          |   2 +
 .github/workflows/test.yml  | 404 ++++++++++++++++++++----------------
 Cargo.toml                  |   3 +-
 docker-compose.yml          |  45 ----
 docker/certs/generate-ca.sh |   2 +-
 run_tests.sh                |   6 +
 src/client/tls_stream.rs    |  16 +-
 start_container.sh          |  30 +++
 tests/custom-cert.rs        |  34 +--
 xtask/Cargo.toml            |   7 +
 xtask/src/main.rs           | 118 +++++++++++
 11 files changed, 418 insertions(+), 249 deletions(-)
 create mode 100644 .cargo/config.toml
 delete mode 100644 docker-compose.yml
 create mode 100755 run_tests.sh
 create mode 100755 start_container.sh
 create mode 100644 xtask/Cargo.toml
 create mode 100644 xtask/src/main.rs

diff --git a/.cargo/config.toml b/.cargo/config.toml
new file mode 100644
index 00000000..f0ccbc9a
--- /dev/null
+++ b/.cargo/config.toml
@@ -0,0 +1,2 @@
+[alias]
+xtask = "run --package xtask --"
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fec4c17a..f385d103 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,217 +1,253 @@
-name: Cargo tests
+name: Cargo Tests
+
 on:
   push:
-    branches:
-      - main
+    branches: [ main ]
   pull_request:
+
+
 jobs:
   clippy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions-rs/toolchain@v1
-        with:
-            components: clippy
-            override: true
-      - name: Install dependencies
-        run: sudo apt install -y openssl libkrb5-dev
-      - uses: actions-rs/clippy-check@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          args: --features=all
+    - uses: actions/checkout@v5 # checkout versions have been updated. previous v1/2
+    - uses: dtolnay/rust-toolchain@stable # changed to stable
+      with:
+        components: rustfmt, clippy
+
+    - name: Install dependencies
+      run: sudo apt install -y openssl libkrb5-dev
+    - uses: actions-rs/clippy-check@v1
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        args: --features=all
 
   format:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          components: rustfmt
-          override: true
-      - uses: mbrobbel/rustfmt-check@master
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+    - uses: actions/checkout@v5
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: rustfmt, clippy
+    - uses: mbrobbel/rustfmt-check@master
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
 
   cargo-test-linux:
     runs-on: ubuntu-latest
-
     strategy:
       fail-fast: false
       matrix:
-        database:
-          - 2017
-          - 2019
-          - 2022
-          - azure-sql-edge
-        features:
-          - "--features=all"
-          - "--no-default-features"
-          - "--no-default-features --features=chrono"
-          - "--no-default-features --features=time"
-          - "--no-default-features --features=rustls"
-          - "--no-default-features --features=vendored-openssl"
-
-    env:
-      TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=SA;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
-      RUSTFLAGS: "-Dwarnings"
+        engine: [ 2017, 2019, 2022, "azure" ]
+        features: [ "--features=all", "--no-default-features", "--no-default-features --features=chrono", "--no-default-features --features=rustls", "--no-default-features --features=time", "--no-default-features --features=vendored-openssl" ]
 
     steps:
-      - uses: actions/checkout@v2
-
-      - uses: actions-rs/toolchain@v1
-
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ matrix.features }}
-
-      - name: Start SQL Server ${{matrix.database}}
-        run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}}
-
-      - name: Install dependencies
-        run: sudo apt install -y openssl libkrb5-dev
-
-      - name: Run tests
-        run: cargo test ${{matrix.features}}
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libkrb5-dev krb5-user
+        sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi || true
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        components: rustfmt, clippy
+
+    - name: Build xtask
+      working-directory: xtask
+      run: cargo build --bin xtask
+
+    - name: Clean up any SQL containers
+      run: |
+        docker rm -f mssql-${{ matrix.engine }} || true
+        docker ps -a
+
+    - name: Start SQL server container
+      working-directory: xtask
+      run: cargo run -p xtask -- container ${{ matrix.engine }}
+      env:
+        SA_PASSWORD: "<YourStrong@Passw0rd>"
+
+    - name: Wait for SQL Server
+      run: |
+        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
+        sleep 25
+
+    - name: Run tests (container)
+      working-directory: xtask
+      env:
+        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
+      run: cargo run -p xtask -- test -- ${{ matrix.features }}
+
+    - name: Stop SQL server (container)
+      working-directory: xtask
+      if: always()
+      run: cargo run -p xtask -- stop ${{ matrix.engine }}
+
+    - name: Build xtask (local)
+      working-directory: xtask
+      run: cargo build --bin xtask
+
+    - name: Clean up any SQL containers
+      run: |
+        docker rm -f mssql-${{ matrix.engine }} || true
+        docker ps -a
+
+    - name: Start SQL server (local)
+      working-directory: xtask
+      run: cargo run -p xtask -- local ${{ matrix.engine }}
+      env:
+        SA_PASSWORD: "<YourStrong@Passw0rd>"
+
+    - name: Wait for SQL server (local)
+      run: |
+        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
+        sleep 25
+
+    - name: Run tests (local)
+      working-directory: xtask
+      env:
+        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
+      run: cargo run -p xtask -- test -- ${{ matrix.features }}
+
+    - name: Stop SQL server (container)
+      working-directory: xtask
+      if: always()
+      run: cargo run -p xtask -- stop ${{ matrix.engine }}
+
+    - name: Build xtask (test)
+      working-directory: xtask
+      run: cargo build --bin xtask
+
+    - name: Clean up any SQL containers
+      run: |
+        docker rm -f mssql-${{ matrix.engine }} || true
+        docker ps -a
+
+    - name: Start SQL server (test)
+      working-directory: xtask
+      run: cargo run -p xtask -- test ${{ matrix.engine }}
+      env:
+        SA_PASSWORD: "<YourStrong@Passw0rd>"
+
+    - name: Wait for SQL server (test)
+      run: |
+        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
+        sleep 25
+
+    - name: Run tests (test)
+      working-directory: xtask
+      env:
+        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
+      run: cargo run -p xtask -- test -- ${{ matrix.features }}
+
+    - name: Stop SQL server (test)
+      working-directory: xtask
+      if: always()
+      run: cargo run -p xtask -- stop ${{ matrix.engine }}
 
   cargo-test-windows:
     runs-on: windows-latest
-
     strategy:
       fail-fast: false
       matrix:
         database:
-          - 2019
+        - 2019
         features:
-          - "--features=all"
-          - "--no-default-features --features=rustls,winauth"
-          - "--no-default-features --features=vendored-openssl,winauth"
-
+        - "--features=all"
+        - "--no-default-features --features=rustls,winauth"
+        - "--no-default-features --features=vendored-openssl,winauth"
     env:
       TIBERIUS_TEST_INSTANCE: "MSSQLSERVER"
       TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true"
 
     steps:
-      - uses: actions/checkout@v2
-
-      - uses: actions-rs/toolchain@v1
-
-      - name: Set required PowerShell modules
-        id: psmodulecache
-        uses: potatoqualitee/psmodulecache@v1
-        with:
-          modules-to-cache: SqlServer
-
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v2
-        with:
-            path: ${{ steps.psmodulecache.outputs.modulepath }}
-            key: ${{ steps.psmodulecache.outputs.keygen }}
-
-      - name: Setup Chocolatey download cache
-        id: chococache
-        uses: actions/cache@v2
-        with:
-          path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\
-          key: chocolatey-install
-
-      - name: Setup Cargo build cache
-        uses: actions/cache@v2
-        with:
-          path: |
-            C:\Users\runneradmin\.cargo\registry
-            C:\Users\runneradmin\.cargo\git
-            target
-          key: ${{ runner.os }}-cargo
-
-      - name: Install required PowerShell modules
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: powershell
-        run: |
-            Set-PSRepository PSGallery -InstallationPolicy Trusted
-            Install-Module SqlServer
-
-      - name: Install SQL Server ${{matrix.database}}
-        shell: powershell
-        run: |
-          choco feature disable --name="'exitOnRebootDetected'"
-          $ErrorActionPreference = 'SilentlyContinue'
-          choco install sql-server-${{matrix.database}} --params="'/IgnorePendingReboot'"
-
-      - name: Setup SQL Server ${{matrix.database}}
-        shell: powershell
-        run: |
-          Import-Module 'sqlps'
-
-          [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | Out-Null
-          [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | Out-Null
-
-          $serverName = $env:COMPUTERNAME
-          $instanceName = "MSSQLSERVER"
-
-          $smo = 'Microsoft.SqlServer.Management.Smo.'
-          $wmi = new-object ($smo + 'Wmi.ManagedComputer')
-          $wmi
-
-          # Enable TCP/IP
-          echo "Enabling TCP/IP"
-          $Tcp = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Tcp']")
-          $Tcp.IsEnabled = $true
-          $Tcp.alter()
-          $Tcp
-
-          # Enable named pipes
-          echo "Enabling named pipes"
-          $Np = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Np']")
-          $Np.IsEnabled = $true
-          $Np.Alter()
-          $Np
-
-          # Set Alias
-          echo "Setting the alias"
-          New-Item HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client -Name ConnectTo | Out-Null
-          Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo -Name '(local)' -Value "DBMSSOCN,$serverName\$instanceName" | Out-Null
-
-          # Start services
-          echo "Starting services"
-          Set-Service SQLBrowser -StartupType Manual
-          Start-Service SQLBrowser
-          net stop MSSQLSERVER
-          net start MSSQLSERVER
-
-      - name: Run normal tests
-        shell: powershell
-        run: cargo test ${{matrix.features}}
-
-  cargo-test-macos:
-    runs-on: macos-12
-
-    strategy:
-      fail-fast: false
-      matrix:
-        database:
-          - 2019
-        features:
-          - "--no-default-features --features=rustls,chrono,time,tds73,sql-browser-async-std,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal"
-          - "--no-default-features --features=vendored-openssl"
-
-    env:
-      TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=SA;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: actions-rs/toolchain@v1
-
-      - uses: docker-practice/actions-setup-docker@master
-
-      - name: Start SQL Server ${{matrix.database}}
-        run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}}
-
-      - name: Run tests
-        run: cargo test ${{matrix.features}}
+    - uses: actions/checkout@v5
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: rustfmt, clippy
+
+    - name: Set required PowerShell modules
+      id: psmodulecache
+      uses: potatoqualitee/psmodulecache@v1
+      with:
+        modules-to-cache: SqlServer
+
+    - name: Setup PowerShell module cache
+      id: cacher
+      uses: actions/cache@v4 # cache updated to v4
+      with:
+        path: ${{ steps.psmodulecache.outputs.modulepath }}
+        key: ${{ steps.psmodulecache.outputs.keygen }}
+
+    - name: Setup Chocolatey download cache
+      id: chococache
+      uses: actions/cache@v4
+      with:
+        path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\
+        key: chocolatey-install
+
+    - name: Setup Cargo build cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          C:\Users\runneradmin\.cargo\registry
+          C:\Users\runneradmin\.cargo\git
+          target
+        key: ${{ runner.os }}-cargo
+
+    - name: Install required PowerShell modules
+      if: steps.cacher.outputs.cache-hit != 'true'
+      shell: powershell
+      run: |
+        Set-PSRepository PSGallery -InstallationPolicy Trusted
+        Install-Module SqlServer
+
+    - name: Install SQL Server ${{matrix.database}}
+      shell: powershell
+      run: |
+        choco feature disable --name="'exitOnRebootDetected'"
+        $ErrorActionPreference = 'SilentlyContinue'
+        choco install sql-server-${{matrix.database}} --params="'/IgnorePendingReboot'"
+
+    - name: Setup SQL Server ${{matrix.database}}
+      shell: powershell
+      run: |
+        Import-Module 'sqlps'
+        [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | Out-Null
+        [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | Out-Null
+        $serverName = $env:COMPUTERNAME
+        $instanceName = "MSSQLSERVER"
+        $smo = 'Microsoft.SqlServer.Management.Smo.'
+        $wmi = new-object ($smo + 'Wmi.ManagedComputer')
+        $wmi
+        # Enable TCP/IP
+        echo "Enabling TCP/IP"
+        $Tcp = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Tcp']")
+        $Tcp.IsEnabled = $true
+        $Tcp.alter()
+        $Tcp
+        # Enable named pipes
+        echo "Enabling named pipes"
+        $Np = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Np']")
+        $Np.IsEnabled = $true
+        $Np.Alter()
+        $Np
+        # Set Alias
+        echo "Setting the alias"
+        New-Item HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client -Name ConnectTo | Out-Null
+        Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo -Name '(local)' -Value "DBMSSOCN,$serverName\$instanceName" | Out-Null
+        # Start services
+        echo "Starting services"
+        Set-Service SQLBrowser -StartupType Manual
+        Start-Service SQLBrowser
+        net stop MSSQLSERVER
+        net start MSSQLSERVER
+
+    - name: Run normal tests
+      shell: powershell
+      run: cargo test ${{matrix.features}}
diff --git a/Cargo.toml b/Cargo.toml
index 0caaac81..fae9030f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,7 +16,7 @@ repository = "https://github.com/prisma/tiberius"
 version = "0.12.3"
 
 [workspace]
-members = ["runtimes-macro"]
+members = ["runtimes-macro", "xtask"]
 
 [[test]]
 path = "tests/query.rs"
@@ -51,6 +51,7 @@ async-trait = "0.1"
 connection-string = "0.2"
 num-traits = "0.2"
 uuid = "1.0"
+anyhow = "1"
 
 [target.'cfg(windows)'.dependencies]
 winauth = { version = "0.0.4", optional = true }
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index db5f3a39..00000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-version: "3"
-services:
-  mssql-2022:
-    build:
-      context: docker/
-      dockerfile: docker-mssql-2022.dockerfile
-    restart: always
-    environment:
-      ACCEPT_EULA: "Y"
-      SA_PASSWORD: "<YourStrong@Passw0rd>"
-    ports:
-      - "1433:1433"
-
-  mssql-2019:
-    build:
-      context: docker/
-      dockerfile: docker-mssql-2019.dockerfile
-    restart: always
-    environment:
-      ACCEPT_EULA: "Y"
-      SA_PASSWORD: "<YourStrong@Passw0rd>"
-    ports:
-      - "1433:1433"
-
-  mssql-2017:
-    build:
-      context: docker/
-      dockerfile: docker-mssql-2017.dockerfile
-    restart: always
-    environment:
-      ACCEPT_EULA: "Y"
-      SA_PASSWORD: "<YourStrong@Passw0rd>"
-    ports:
-      - "1433:1433"
-
-  mssql-azure-sql-edge:
-    build:
-      context: docker/
-      dockerfile: docker-azure-sql-edge.dockerfile
-    restart: always
-    environment:
-      ACCEPT_EULA: "Y"
-      SA_PASSWORD: "<YourStrong@Passw0rd>"
-    ports:
-      - "1433:1433"
diff --git a/docker/certs/generate-ca.sh b/docker/certs/generate-ca.sh
index 3619d76d..828c34a8 100755
--- a/docker/certs/generate-ca.sh
+++ b/docker/certs/generate-ca.sh
@@ -13,4 +13,4 @@ if ! test -f "customCA.crt"; then
     -subj "/CN=Acme" \
     -passin file:passphrase.txt \
     -out customCA.crt
-fi;
+fi;
\ No newline at end of file
diff --git a/run_tests.sh b/run_tests.sh
new file mode 100755
index 00000000..06a509b6
--- /dev/null
+++ b/run_tests.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# left in but needs to be looked at again if necessary
+
+TIBERIUS_TEST_CONNECTION_STRING='server=tcp:localhost,1433;user=SA;password=<YourStrong@Passw0rd>;TrustServerCertificate=true' \
+    cargo test
\ No newline at end of file
diff --git a/src/client/tls_stream.rs b/src/client/tls_stream.rs
index 9eba1060..5863d8db 100644
--- a/src/client/tls_stream.rs
+++ b/src/client/tls_stream.rs
@@ -13,13 +13,17 @@ mod opentls_tls_stream;
 #[cfg(feature = "native-tls")]
 pub(crate) use native_tls_stream::TlsStream;
 
-#[cfg(feature = "rustls")]
+#[cfg(all(feature = "rustls", not(feature = "native-tls")))]
 pub(crate) use rustls_tls_stream::TlsStream;
 
-#[cfg(feature = "vendored-openssl")]
+#[cfg(all(
+    feature = "vendored-openssl",
+    not(feature = "rustls"),
+    not(feature = "native-tls")
+))]
 pub(crate) use opentls_tls_stream::TlsStream;
 
-#[cfg(feature = "rustls")]
+#[cfg(all(feature = "rustls", not(feature = "native-tls")))]
 pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
     config: &Config,
     stream: S,
@@ -35,7 +39,11 @@ pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
     native_tls_stream::create_tls_stream(config, stream).await
 }
 
-#[cfg(feature = "vendored-openssl")]
+#[cfg(all(
+    feature = "vendored-openssl",
+    not(feature = "rustls"),
+    not(feature = "native-tls")
+))]
 pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
     config: &Config,
     stream: S,
diff --git a/start_container.sh b/start_container.sh
new file mode 100755
index 00000000..cedebddf
--- /dev/null
+++ b/start_container.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -euo pipefail
+
+ENGINE=$1 
+NAME="mssql-$ENGINE"
+PORT=1433
+
+case "$ENGINE" in
+  2017) IMAGE="mcr.microsoft.com/mssql/server:2017-latest" ;;
+  2019) IMAGE="mcr.microsoft.com/mssql/server:2019-latest" ;;
+  2022) IMAGE="mcr.microsoft.com/mssql/server:2022-latest" ;;
+  azure) IMAGE="mcr.microsoft.com/azure-sql-edge:latest" ;;
+  *)
+    echo "Usage: $0 {2017|2019|2022|azure}"
+    exit 1
+    ;;
+esac
+
+echo "Starting $NAME using $IMAGE"
+
+docker kill "$NAME" 2>/dev/null || true
+docker rm "$NAME" 2>/dev/null || true
+
+docker run -d \
+  --name "$NAME" \
+  -e "ACCEPT_EULA=Y" \
+  -e "SA_PASSWORD=<YourStrong@Passw0rd>" \
+  -p $PORT:1433 \
+  "$IMAGE"
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 8aeed94e..23c121fc 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -7,6 +7,13 @@ use tokio_util::compat::TokioAsyncWriteCompatExt;
 #[allow(dead_code)]
 static LOGGER_SETUP: Once = Once::new();
 
+#[allow(dead_code)]
+fn load_ca_bytes() -> Result<Vec<u8>> {
+    let ca_path = std::env::current_dir()?.join("docker/certs/customCA.crt");
+    let ca_bytes = std::fs::read(&ca_path)?;
+    Ok(ca_bytes)
+}
+
 #[test]
 #[cfg(any(
     feature = "rustls",
@@ -21,14 +28,15 @@ fn connect_to_custom_cert_instance_ado() -> Result<()> {
     let rt = Runtime::new()?;
 
     rt.block_on(async {
-        let mut config = Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=docker/certs/customCA.crt")?;
-        config.authentication(AuthMethod::sql_server(
-            "sa",
-            "<YourStrong@Passw0rd>",
-        ));
+        #[allow(unused_variables)]
+        let ca_bytes = load_ca_bytes()?;
 
-        let tcp = TcpStream::connect(config.get_addr()).await?;
+        let mut config =
+            Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true")?;
+        config.trust_cert();
+        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
 
+        let tcp = TcpStream::connect(config.get_addr()).await?;
         let mut client = Client::connect(config, tcp.compat_write()).await?;
 
         let row = client
@@ -55,16 +63,15 @@ fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
     });
 
     let rt = Runtime::new()?;
-
     rt.block_on(async {
-        // Careful: the / in the TrustServerCertificateCA needs to be escaped
-        let mut config = Config::from_jdbc_string(
-            "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=docker{/}certs{/}customCA.crt",
-        )?;
+        #[allow(unused_variables)]
+        let ca_bytes = load_ca_bytes()?;
+
+        let mut config = Config::from_jdbc_string("jdbc:sqlserver://localhost:1433")?;
+        config.trust_cert();
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
-
         let mut client = Client::connect(config, tcp.compat_write()).await?;
 
         let row = client
@@ -86,7 +93,6 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
     });
 
     let rt = Runtime::new()?;
-
     rt.block_on(async {
         let mut config = Config::new();
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
@@ -95,9 +101,9 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
         config.port(1433);
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
-
         let client = Client::connect(config, tcp.compat_write()).await;
 
+        // Should fail because we didn’t add the CA
         assert!(client.is_err());
         Ok(())
     })
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
new file mode 100644
index 00000000..80cac7f4
--- /dev/null
+++ b/xtask/Cargo.toml
@@ -0,0 +1,7 @@
+[package]
+name = "xtask"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+anyhow = "1"
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
new file mode 100644
index 00000000..6433431c
--- /dev/null
+++ b/xtask/src/main.rs
@@ -0,0 +1,118 @@
+use std::{
+    env,
+    process::{Command, exit},
+    thread::sleep,
+    time::Duration,
+};
+
+fn main() {
+    let mut args = env::args().skip(1);
+    let cmd = args.next().unwrap_or_default();
+
+    match cmd.as_str() {
+        "container" => {
+            //  need to change unwrap_or_else in document
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            start_container(&version);
+        }
+        "test" => {
+            // run the tests
+            run_tests(args.collect::<Vec<_>>());
+        }
+        "local" => {
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            start_container(&version);
+            wait_for_sql();
+            run_tests(vec![]);
+            stop_container(&version);
+        }
+        "stop" => {
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            stop_container(&version);
+        }
+        _ => {
+            // eprintln!("Usage: cargo xtask <container|stop|test|local> [args]");
+            exit(1);
+        }
+    }
+}
+
+fn start_container(version: &str) {
+    let sa_password =
+        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
+    let container_name = format!("mssql-{}", version);
+    let image_tag = match version {
+        "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
+        "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
+        "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
+        "azure" => "mcr.microsoft.com/azure-sql-edge",
+        _ => panic!("Unsupported version, {}", version),
+    };
+
+    println!("Cleaning up existing container, {}", container_name);
+
+    let _ = Command::new("docker")
+        .args(["rm", "-f", &container_name])
+        .status();
+
+    println!("Starting SQL Server {} container...", version);
+
+    let status = Command::new("docker")
+        .args([
+            "run",
+            "-d",
+            "--name",
+            &container_name,
+            "-e",
+            "ACCEPT_EULA=Y",
+            "-e",
+            &format!("SA_PASSWORD={}", sa_password),
+            "-p",
+            "1433:1433",
+            image_tag,
+        ])
+        .status()
+        .expect("Failed to run docker");
+
+    if !status.success() {
+        eprintln!("Failed to start container, {}", version);
+        exit(1);
+    }
+
+    println!("Started container: {}", container_name);
+    wait_for_sql();
+}
+
+fn wait_for_sql() {
+    println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit.");
+    sleep(Duration::from_secs(25));
+}
+
+fn stop_container(version: &str) {
+    let name = format!("mssql-{}", version);
+    let _ = Command::new("docker").args(["rm", "-f", &name]).status();
+    println!("Stopped container {}", name);
+}
+
+fn run_tests(_flags: Vec<String>) {
+    let sa_password =
+        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
+    let connection_string = env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
+        format!(
+            "server=tcp:localhost,1433;user=sa;password={};TrustServerCertificate=true",
+            sa_password
+        )
+    });
+
+    // for debugging: println!("Running tests with connection {}", connection_string);
+
+    let status = Command::new("cargo")
+        .arg("test")
+        .env("TIBERIUS_TEST_CONNECTION_STRING", &connection_string)
+        .status()
+        .expect("failed to run cargo test");
+
+    if !status.success() {
+        exit(1);
+    }
+}

From 55b1798ea2dd4af18f7bfe7229e69057e312d575 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Wed, 15 Oct 2025 05:45:02 +0000
Subject: [PATCH 02/27] Xtask work

steps for macos testing

steps for macos testing

2019 only

no run

skip test macos

skip test macos

skip test macos

skip test macos

skip test macos

skip test macos

skip test macos

macos test --lib + clippy

macos test --lib + clippy
---
 .github/workflows/test.yml | 147 ++++++++++---------------------------
 Cargo.toml                 |   1 -
 run_tests.sh               |   6 --
 start_container.sh         |  30 --------
 xtask/Cargo.toml           |   1 -
 xtask/src/main.rs          |  11 ++-
 6 files changed, 46 insertions(+), 150 deletions(-)
 delete mode 100755 run_tests.sh
 delete mode 100755 start_container.sh

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f385d103..c1783700 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,23 +16,11 @@ jobs:
         components: rustfmt, clippy
 
     - name: Install dependencies
-      run: sudo apt install -y openssl libkrb5-dev
-    - uses: actions-rs/clippy-check@v1
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        args: --features=all
+      run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi
 
-  format:
-    runs-on: ubuntu-latest
+    - run: cargo clippy --all-features
 
-    steps:
-    - uses: actions/checkout@v5
-    - uses: dtolnay/rust-toolchain@stable
-      with:
-        components: rustfmt, clippy
-    - uses: mbrobbel/rustfmt-check@master
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
+    - run: cargo fmt --check
 
   cargo-test-linux:
     runs-on: ubuntu-latest
@@ -40,6 +28,7 @@ jobs:
       fail-fast: false
       matrix:
         engine: [ 2017, 2019, 2022, "azure" ]
+        # engine: [ 2019 ]
         features: [ "--features=all", "--no-default-features", "--no-default-features --features=chrono", "--no-default-features --features=rustls", "--no-default-features --features=time", "--no-default-features --features=vendored-openssl" ]
 
     steps:
@@ -47,108 +36,19 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libkrb5-dev krb5-user
-        sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi || true
+      run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi
 
     - name: Install Rust
       uses: dtolnay/rust-toolchain@stable
-      with:
-        components: rustfmt, clippy
-
-    - name: Build xtask
-      working-directory: xtask
-      run: cargo build --bin xtask
-
-    - name: Clean up any SQL containers
-      run: |
-        docker rm -f mssql-${{ matrix.engine }} || true
-        docker ps -a
-
-    - name: Start SQL server container
-      working-directory: xtask
-      run: cargo run -p xtask -- container ${{ matrix.engine }}
-      env:
-        SA_PASSWORD: "<YourStrong@Passw0rd>"
-
-    - name: Wait for SQL Server
-      run: |
-        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
-        sleep 25
-
-    - name: Run tests (container)
-      working-directory: xtask
-      env:
-        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
-      run: cargo run -p xtask -- test -- ${{ matrix.features }}
-
-    - name: Stop SQL server (container)
-      working-directory: xtask
-      if: always()
-      run: cargo run -p xtask -- stop ${{ matrix.engine }}
-
-    - name: Build xtask (local)
-      working-directory: xtask
-      run: cargo build --bin xtask
-
-    - name: Clean up any SQL containers
-      run: |
-        docker rm -f mssql-${{ matrix.engine }} || true
-        docker ps -a
-
-    - name: Start SQL server (local)
-      working-directory: xtask
-      run: cargo run -p xtask -- local ${{ matrix.engine }}
-      env:
-        SA_PASSWORD: "<YourStrong@Passw0rd>"
-
-    - name: Wait for SQL server (local)
-      run: |
-        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
-        sleep 25
-
-    - name: Run tests (local)
-      working-directory: xtask
-      env:
-        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
-      run: cargo run -p xtask -- test -- ${{ matrix.features }}
-
-    - name: Stop SQL server (container)
-      working-directory: xtask
-      if: always()
-      run: cargo run -p xtask -- stop ${{ matrix.engine }}
-
-    - name: Build xtask (test)
-      working-directory: xtask
-      run: cargo build --bin xtask
-
-    - name: Clean up any SQL containers
-      run: |
-        docker rm -f mssql-${{ matrix.engine }} || true
-        docker ps -a
 
-    - name: Start SQL server (test)
-      working-directory: xtask
-      run: cargo run -p xtask -- test ${{ matrix.engine }}
-      env:
-        SA_PASSWORD: "<YourStrong@Passw0rd>"
+    - run: cargo xtask container ${{ matrix.engine }}
 
-    - name: Wait for SQL server (test)
-      run: |
-        echo "Waiting for SQL server (${{ matrix.engine }}) to be ready..."
-        sleep 25
+    # Wait for SQL Server
+    - run: sleep 25
 
-    - name: Run tests (test)
-      working-directory: xtask
-      env:
-        TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=<YourStrong@Passw0rd>;TrustServerCertificate=true"
-      run: cargo run -p xtask -- test -- ${{ matrix.features }}
+    - run: cargo xtask test ${{ matrix.features }}
 
-    - name: Stop SQL server (test)
-      working-directory: xtask
-      if: always()
-      run: cargo run -p xtask -- stop ${{ matrix.engine }}
+    - run: cargo xtask stop ${{ matrix.engine }}
 
   cargo-test-windows:
     runs-on: windows-latest
@@ -251,3 +151,30 @@ jobs:
     - name: Run normal tests
       shell: powershell
       run: cargo test ${{matrix.features}}
+
+  cargo-test-macos:
+    runs-on: macos-26
+
+    strategy:
+      fail-fast: false
+      matrix:
+        database:
+        - 2019
+        features:
+        - "--no-default-features --features=rustls,chrono,time,tds73,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal"
+        - "--no-default-features --features=vendored-openssl"
+
+    steps:
+
+    - uses: actions/checkout@v5
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: rustfmt, clippy
+
+    # For now we're not running the integration tests in macos,
+    # only running the unit tests
+    - name: Run test
+      run: cargo test ${{ matrix.features }} --lib
+
+    - name: Run clippy
+      run: cargo clippy ${{ matrix.features }}
diff --git a/Cargo.toml b/Cargo.toml
index fae9030f..cf01c175 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -51,7 +51,6 @@ async-trait = "0.1"
 connection-string = "0.2"
 num-traits = "0.2"
 uuid = "1.0"
-anyhow = "1"
 
 [target.'cfg(windows)'.dependencies]
 winauth = { version = "0.0.4", optional = true }
diff --git a/run_tests.sh b/run_tests.sh
deleted file mode 100755
index 06a509b6..00000000
--- a/run_tests.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-# left in but needs to be looked at again if necessary
-
-TIBERIUS_TEST_CONNECTION_STRING='server=tcp:localhost,1433;user=SA;password=<YourStrong@Passw0rd>;TrustServerCertificate=true' \
-    cargo test
\ No newline at end of file
diff --git a/start_container.sh b/start_container.sh
deleted file mode 100755
index cedebddf..00000000
--- a/start_container.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-ENGINE=$1 
-NAME="mssql-$ENGINE"
-PORT=1433
-
-case "$ENGINE" in
-  2017) IMAGE="mcr.microsoft.com/mssql/server:2017-latest" ;;
-  2019) IMAGE="mcr.microsoft.com/mssql/server:2019-latest" ;;
-  2022) IMAGE="mcr.microsoft.com/mssql/server:2022-latest" ;;
-  azure) IMAGE="mcr.microsoft.com/azure-sql-edge:latest" ;;
-  *)
-    echo "Usage: $0 {2017|2019|2022|azure}"
-    exit 1
-    ;;
-esac
-
-echo "Starting $NAME using $IMAGE"
-
-docker kill "$NAME" 2>/dev/null || true
-docker rm "$NAME" 2>/dev/null || true
-
-docker run -d \
-  --name "$NAME" \
-  -e "ACCEPT_EULA=Y" \
-  -e "SA_PASSWORD=<YourStrong@Passw0rd>" \
-  -p $PORT:1433 \
-  "$IMAGE"
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
index 80cac7f4..e240aec2 100644
--- a/xtask/Cargo.toml
+++ b/xtask/Cargo.toml
@@ -4,4 +4,3 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
-anyhow = "1"
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index 6433431c..f8e60df5 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -11,7 +11,10 @@ fn main() {
 
     match cmd.as_str() {
         "container" => {
-            //  need to change unwrap_or_else in document
+            // need to change unwrap_or_else in document
+            // default version is 2019, any opposition?
+
+            // doesn't run tests
             let version = args.next().unwrap_or_else(|| "2019".into());
             start_container(&version);
         }
@@ -20,13 +23,17 @@ fn main() {
             run_tests(args.collect::<Vec<_>>());
         }
         "local" => {
+            // local runs test AND container
             let version = args.next().unwrap_or_else(|| "2019".into());
             start_container(&version);
-            wait_for_sql();
+            // start_container calls wait_for_sql anyway
+            // so we don't need to call the below line:
+            // wait_for_sql();
             run_tests(vec![]);
             stop_container(&version);
         }
         "stop" => {
+            // stops running containers
             let version = args.next().unwrap_or_else(|| "2019".into());
             stop_container(&version);
         }

From a733304072bded60ada4dd9c0a689b0b0bbab400 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Fri, 17 Oct 2025 06:10:05 +0000
Subject: [PATCH 03/27] macos test --lib + clippy

clippy --fix

clippy --fix

clippy --fix

clippy --fix

Cargo clippy
---
 .github/workflows/test.yml                 | 42 ++++++++++++----------
 README.md                                  |  4 +++
 src/client/connection.rs                   |  2 +-
 src/client/tls.rs                          |  2 +-
 src/client/tls_stream/native_tls_stream.rs |  6 ++--
 src/lib.rs                                 |  6 ++--
 src/macros.rs                              |  1 +
 src/query.rs                               |  2 +-
 src/tds/codec/decode.rs                    |  9 ++---
 src/tds/codec/header.rs                    |  2 +-
 src/tds/codec/token/token_row.rs           |  2 +-
 src/tds/codec/type_info.rs                 |  2 +-
 src/tds/collation.rs                       |  2 +-
 src/tds/numeric.rs                         |  2 +-
 src/tds/time.rs                            |  7 +++-
 xtask/src/main.rs                          |  5 +--
 16 files changed, 56 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c1783700..035f72e7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,7 +18,7 @@ jobs:
     - name: Install dependencies
       run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi
 
-    - run: cargo clippy --all-features
+    - run: cargo clippy --features=all
 
     - run: cargo fmt --check
 
@@ -29,7 +29,6 @@ jobs:
       matrix:
         engine: [ 2017, 2019, 2022, "azure" ]
         # engine: [ 2019 ]
-        features: [ "--features=all", "--no-default-features", "--no-default-features --features=chrono", "--no-default-features --features=rustls", "--no-default-features --features=time", "--no-default-features --features=vendored-openssl" ]
 
     steps:
     - name: Checkout repository
@@ -41,12 +40,23 @@ jobs:
     - name: Install Rust
       uses: dtolnay/rust-toolchain@stable
 
+    - name: Setup Cargo build cache
+      uses: actions/cache@v4
+      with:
+        path: target
+        key: ubuntu-cargo
+
     - run: cargo xtask container ${{ matrix.engine }}
 
     # Wait for SQL Server
     - run: sleep 25
 
-    - run: cargo xtask test ${{ matrix.features }}
+    - run: cargo xtask test --features=all
+    - run: cargo xtask test --no-default-features
+    - run: cargo xtask test --no-default-features --features=chrono
+    - run: cargo xtask test --no-default-features --features=rustls
+    - run: cargo xtask test --no-default-features --features=time
+    - run: cargo xtask test --no-default-features --features=vendored-openssl
 
     - run: cargo xtask stop ${{ matrix.engine }}
 
@@ -57,10 +67,6 @@ jobs:
       matrix:
         database:
         - 2019
-        features:
-        - "--features=all"
-        - "--no-default-features --features=rustls,winauth"
-        - "--no-default-features --features=vendored-openssl,winauth"
     env:
       TIBERIUS_TEST_INSTANCE: "MSSQLSERVER"
       TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true"
@@ -148,9 +154,12 @@ jobs:
         net stop MSSQLSERVER
         net start MSSQLSERVER
 
-    - name: Run normal tests
-      shell: powershell
-      run: cargo test ${{matrix.features}}
+    - shell: powershell
+      run: cargo test --features=all
+    - shell: powershell
+      run: cargo test --no-default-features --features=rustls,winauth
+    - shell: powershell
+      run: cargo test --no-default-features --features=vendored-openssl,winauth
 
   cargo-test-macos:
     runs-on: macos-26
@@ -160,21 +169,16 @@ jobs:
       matrix:
         database:
         - 2019
-        features:
-        - "--no-default-features --features=rustls,chrono,time,tds73,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal"
-        - "--no-default-features --features=vendored-openssl"
 
     steps:
 
     - uses: actions/checkout@v5
     - uses: dtolnay/rust-toolchain@stable
       with:
-        components: rustfmt, clippy
+        components: clippy
 
     # For now we're not running the integration tests in macos,
     # only running the unit tests
-    - name: Run test
-      run: cargo test ${{ matrix.features }} --lib
-
-    - name: Run clippy
-      run: cargo clippy ${{ matrix.features }}
+    - run: cargo test --no-default-features --features=vendored-openssl --lib
+    - run: cargo test --no-default-features --features=rustls,chrono,time,tds73,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal --lib
+    - run: cargo clippy ${{ matrix.features }}
diff --git a/README.md b/README.md
index 44398dc5..953f99cf 100644
--- a/README.md
+++ b/README.md
@@ -142,3 +142,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 ## Security
 
 If you have a security issue to report, please contact us at [security@prisma.io](mailto:security@prisma.io?subject=[GitHub]%20Prisma%202%20Security%20Report%20Tiberius)
+
+## Notes
+
+We have native TLS, open TLS, and rust TLS. In the event that multiple are chosen the one with the lowest number will always "win".
\ No newline at end of file
diff --git a/src/client/connection.rs b/src/client/connection.rs
index 09d37256..6b9c1b96 100644
--- a/src/client/connection.rs
+++ b/src/client/connection.rs
@@ -285,7 +285,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> Connection<S> {
     /// Defines the login record rules with SQL Server. Authentication with
     /// connection options.
     #[allow(clippy::too_many_arguments)]
-    async fn login<'a>(
+    async fn login(
         mut self,
         auth: AuthMethod,
         encryption: EncryptionLevel,
diff --git a/src/client/tls.rs b/src/client/tls.rs
index 7a22d433..b3425c97 100644
--- a/src/client/tls.rs
+++ b/src/client/tls.rs
@@ -179,7 +179,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> AsyncRead for TlsPreloginWrapper<
             }
 
             let header = PacketHeader::decode(&mut BytesMut::from(&inner.header_buf[..]))
-                .map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
+                .map_err(io::Error::other)?;
 
             // We only get pre-login packets in the handshake process.
             assert_eq!(header.r#type(), PacketType::PreLogin);
diff --git a/src/client/tls_stream/native_tls_stream.rs b/src/client/tls_stream/native_tls_stream.rs
index cf5591d8..23d93f65 100644
--- a/src/client/tls_stream/native_tls_stream.rs
+++ b/src/client/tls_stream/native_tls_stream.rs
@@ -19,12 +19,12 @@ pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
             if let Ok(buf) = fs::read(path) {
                 let cert = match path.extension() {
                         Some(ext)
-                        if ext.to_ascii_lowercase() == "pem"
-                            || ext.to_ascii_lowercase() == "crt" =>
+                        if ext.eq_ignore_ascii_case("pem")
+                            || ext.eq_ignore_ascii_case("crt") =>
                             {
                                 Some(Certificate::from_pem(&buf)?)
                             }
-                        Some(ext) if ext.to_ascii_lowercase() == "der" => {
+                        Some(ext) if ext.eq_ignore_ascii_case("der") => {
                             Some(Certificate::from_der(&buf)?)
                         }
                         Some(_) | None => return Err(Error::Io {
diff --git a/src/lib.rs b/src/lib.rs
index 882f5ad3..1115a5e2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -156,11 +156,11 @@
 //! Tiberius supports different [ways of authentication] to the SQL Server:
 //!
 //! - SQL Server authentication uses the facilities of the database to
-//! authenticate the user.
+//!   authenticate the user.
 //! - On Windows, you can authenticate using the currently logged in user or
-//! specified Windows credentials.
+//!   specified Windows credentials.
 //! - If enabling the `integrated-auth-gssapi` feature, it is possible to login
-//! with the currently active Kerberos credentials.
+//!   with the currently active Kerberos credentials.
 //!
 //! ## AAD(Azure Active Directory) Authentication
 //!
diff --git a/src/macros.rs b/src/macros.rs
index 35f24228..dd38287e 100644
--- a/src/macros.rs
+++ b/src/macros.rs
@@ -17,6 +17,7 @@ macro_rules! uint_enum {
 
         impl ::std::convert::TryFrom<u8> for $ty {
             type Error = ();
+            #[allow(clippy::cast_enum_truncation,reason="todo, investigate")]
             fn try_from(n: u8) -> ::std::result::Result<$ty, ()> {
                 match n {
                     $( x if x == $ty::$variant as u8 => Ok($ty::$variant), )*
diff --git a/src/query.rs b/src/query.rs
index 86e94999..790052b4 100644
--- a/src/query.rs
+++ b/src/query.rs
@@ -69,7 +69,7 @@ impl<'a> Query<'a> {
     /// [`ToSql`]: trait.ToSql.html
     /// [`FromSql`]: trait.FromSql.html
     /// [`Client#execute`]: struct.Client.html#method.execute
-    pub async fn execute<'b, S>(self, client: &'b mut Client<S>) -> crate::Result<ExecuteResult>
+    pub async fn execute<S>(self, client: &mut Client<S>) -> crate::Result<ExecuteResult>
     where
         S: AsyncRead + AsyncWrite + Unpin + Send,
     {
diff --git a/src/tds/codec/decode.rs b/src/tds/codec/decode.rs
index d19fec0c..9b3943d6 100644
--- a/src/tds/codec/decode.rs
+++ b/src/tds/codec/decode.rs
@@ -53,10 +53,11 @@ impl Decoder for PacketCodec {
                 if buf.is_empty() {
                     Ok(None)
                 } else {
-                    Err(
-                        std::io::Error::new(std::io::ErrorKind::Other, "bytes remaining on stream")
-                            .into(),
-                    )
+                    // Err(
+                    //     std::io::Error::other("bytes remaining on stream")
+                    //         .into(),
+                    // )
+                    Err(std::io::Error::other("bytes remaining on stream").into())
                 }
             }
         }
diff --git a/src/tds/codec/header.rs b/src/tds/codec/header.rs
index 719fc158..2a84f6bc 100644
--- a/src/tds/codec/header.rs
+++ b/src/tds/codec/header.rs
@@ -57,7 +57,7 @@ pub(crate) struct PacketHeader {
 
 impl PacketHeader {
     pub fn new(length: usize, id: u8) -> PacketHeader {
-        assert!(length <= u16::max_value() as usize);
+        assert!(length <= u16::MAX as usize);
         PacketHeader {
             ty: PacketType::TDSv7Login,
             status: PacketStatus::ResetConnection,
diff --git a/src/tds/codec/token/token_row.rs b/src/tds/codec/token/token_row.rs
index b1ff16b6..d83692c0 100644
--- a/src/tds/codec/token/token_row.rs
+++ b/src/tds/codec/token/token_row.rs
@@ -177,7 +177,7 @@ impl RowBitmap {
     where
         R: SqlReadBytes + Unpin,
     {
-        let size = (columns + 8 - 1) / 8;
+        let size = columns.div_ceil(8);
         let mut data = vec![0; size];
         src.read_exact(&mut data[0..size]).await?;
 
diff --git a/src/tds/codec/type_info.rs b/src/tds/codec/type_info.rs
index 20647d70..4e67a179 100644
--- a/src/tds/codec/type_info.rs
+++ b/src/tds/codec/type_info.rs
@@ -2,7 +2,7 @@ use asynchronous_codec::BytesMut;
 use bytes::BufMut;
 
 use crate::{tds::Collation, xml::XmlSchema, Error, SqlReadBytes};
-use std::{convert::TryFrom, sync::Arc, usize};
+use std::{convert::TryFrom, sync::Arc};
 
 use super::Encode;
 
diff --git a/src/tds/collation.rs b/src/tds/collation.rs
index 20367728..7da0bc04 100644
--- a/src/tds/collation.rs
+++ b/src/tds/collation.rs
@@ -74,7 +74,7 @@ impl fmt::Display for Collation {
 /// 1. (regex)replace: (.*?)\((.*?),(.*?)\) with $2 => $3
 /// 2. replace: Encoding.CP(.*?) with encoding::all::WINDOWS_$1
 /// 3. replace: Encoding.UNICODE with encoding::all::UTF16_LE
-//
+///
 /// the unimplemented!() one's are not supported by rust-encoding
 pub fn lcid_to_encoding(locale: u16) -> Option<&'static Encoding> {
     match locale {
diff --git a/src/tds/numeric.rs b/src/tds/numeric.rs
index 4f856beb..e4eff9ce 100644
--- a/src/tds/numeric.rs
+++ b/src/tds/numeric.rs
@@ -112,7 +112,7 @@ impl Numeric {
             #[cfg(target_endian = "big")]
             let (low_part, high_part) = (high_part, low_part);
 
-            let high_part = high_part * (u64::max_value() as u128 + 1);
+            let high_part = high_part * (u64::MAX as u128 + 1);
             low_part + high_part
         }
 
diff --git a/src/tds/time.rs b/src/tds/time.rs
index 05a1c053..92c6476a 100644
--- a/src/tds/time.rs
+++ b/src/tds/time.rs
@@ -25,6 +25,11 @@
 #[cfg_attr(feature = "docs", doc(cfg(feature = "chrono")))]
 pub mod chrono;
 
+//#[allow(clippy::module_inception,reason="tbd rename tds::time or this module")]
+#[allow(
+    clippy::module_inception,
+    reason = "tbd rename tds::time or this module"
+)]
 #[cfg(feature = "time")]
 #[cfg_attr(feature = "docs", doc(cfg(feature = "time")))]
 pub mod time;
@@ -163,7 +168,7 @@ impl Date {
     /// Construct a new `Date`
     ///
     /// # Panics
-    /// max value of 3 bytes (`u32::max_value() > 8`)
+    /// max value of 3 bytes (`u32::MAX > 8`)
     pub fn new(days: u32) -> Date {
         assert_eq!(days >> 24, 0);
         Date(days)
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index f8e60df5..556b6342 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -29,7 +29,7 @@ fn main() {
             // start_container calls wait_for_sql anyway
             // so we don't need to call the below line:
             // wait_for_sql();
-            run_tests(vec![]);
+            run_tests(args.collect::<Vec<_>>());
             stop_container(&version);
         }
         "stop" => {
@@ -101,7 +101,7 @@ fn stop_container(version: &str) {
     println!("Stopped container {}", name);
 }
 
-fn run_tests(_flags: Vec<String>) {
+fn run_tests(flags: Vec<String>) {
     let sa_password =
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let connection_string = env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
@@ -116,6 +116,7 @@ fn run_tests(_flags: Vec<String>) {
     let status = Command::new("cargo")
         .arg("test")
         .env("TIBERIUS_TEST_CONNECTION_STRING", &connection_string)
+        .args(&flags)
         .status()
         .expect("failed to run cargo test");
 

From 0905769824b2a697c42287fe3137fea19ca8fede Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 21 Oct 2025 00:37:24 +0000
Subject: [PATCH 04/27] Cargo clippy

Cargo cached

rerun

No chocolatey

No chocolatey + cargo cache
---
 .github/workflows/test.yml | 36 +++++++++++++++++++++++-------------
 src/tds/codec/decode.rs    |  4 ----
 src/tds/time.rs            |  1 -
 3 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 035f72e7..c30df0b0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,7 +28,6 @@ jobs:
       fail-fast: false
       matrix:
         engine: [ 2017, 2019, 2022, "azure" ]
-        # engine: [ 2019 ]
 
     steps:
     - name: Checkout repository
@@ -90,21 +89,32 @@ jobs:
         path: ${{ steps.psmodulecache.outputs.modulepath }}
         key: ${{ steps.psmodulecache.outputs.keygen }}
 
-    - name: Setup Chocolatey download cache
-      id: chococache
-      uses: actions/cache@v4
-      with:
-        path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\
-        key: chocolatey-install
-
-    - name: Setup Cargo build cache
-      uses: actions/cache@v4
+    # - name: Setup Chocolatey download cache
+    #   id: chococache
+    #   uses: actions/cache@v4
+    #   with:
+    #     path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\
+    #     key: chocolatey-install
+
+    # - name: Setup Cargo build cache
+    #   uses: actions/cache@v4
+    #   with:
+    #     path: |
+    #       C:\Users\runneradmin\.cargo\registry
+    #       C:\Users\runneradmin\.cargo\git
+    #       target
+    #     key: ${{ runner.os }}-cargo
+
+    - name: Cache Cargo build cache
+      uses: actions/cache@v4 # cache command, updated to v4
       with:
         path: |
-          C:\Users\runneradmin\.cargo\registry
-          C:\Users\runneradmin\.cargo\git
+          ~/.cargo/registry
+          ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-
 
     - name: Install required PowerShell modules
       if: steps.cacher.outputs.cache-hit != 'true'
diff --git a/src/tds/codec/decode.rs b/src/tds/codec/decode.rs
index 9b3943d6..b9776683 100644
--- a/src/tds/codec/decode.rs
+++ b/src/tds/codec/decode.rs
@@ -53,10 +53,6 @@ impl Decoder for PacketCodec {
                 if buf.is_empty() {
                     Ok(None)
                 } else {
-                    // Err(
-                    //     std::io::Error::other("bytes remaining on stream")
-                    //         .into(),
-                    // )
                     Err(std::io::Error::other("bytes remaining on stream").into())
                 }
             }
diff --git a/src/tds/time.rs b/src/tds/time.rs
index 92c6476a..6b2c2cb7 100644
--- a/src/tds/time.rs
+++ b/src/tds/time.rs
@@ -25,7 +25,6 @@
 #[cfg_attr(feature = "docs", doc(cfg(feature = "chrono")))]
 pub mod chrono;
 
-//#[allow(clippy::module_inception,reason="tbd rename tds::time or this module")]
 #[allow(
     clippy::module_inception,
     reason = "tbd rename tds::time or this module"

From 35d431cf825a98a84e21c5312547639a50dd81be Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 21 Oct 2025 05:33:51 +0000
Subject: [PATCH 05/27] Clean up

---
 .github/workflows/test.yml | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c30df0b0..3c8cc117 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -89,22 +89,6 @@ jobs:
         path: ${{ steps.psmodulecache.outputs.modulepath }}
         key: ${{ steps.psmodulecache.outputs.keygen }}
 
-    # - name: Setup Chocolatey download cache
-    #   id: chococache
-    #   uses: actions/cache@v4
-    #   with:
-    #     path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\
-    #     key: chocolatey-install
-
-    # - name: Setup Cargo build cache
-    #   uses: actions/cache@v4
-    #   with:
-    #     path: |
-    #       C:\Users\runneradmin\.cargo\registry
-    #       C:\Users\runneradmin\.cargo\git
-    #       target
-    #     key: ${{ runner.os }}-cargo
-
     - name: Cache Cargo build cache
       uses: actions/cache@v4 # cache command, updated to v4
       with:

From d79bf699d5c447c46d73f286d45c4728a68df2c4 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 21 Oct 2025 05:45:14 +0000
Subject: [PATCH 06/27] Clean up

---
 .github/workflows/test.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3c8cc117..4ed6c68b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Install dependencies
       run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi
@@ -39,6 +39,8 @@ jobs:
     - name: Install Rust
       uses: dtolnay/rust-toolchain@stable
 
+    # we use the same cache key irrespective of the
+    # SQL server version
     - name: Setup Cargo build cache
       uses: actions/cache@v4
       with:
@@ -96,9 +98,9 @@ jobs:
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-cargo-
+        key: $windows-cargo-${{ hashFiles('**/Cargo.lock') }}
+        # restore-keys: |
+        #   ${{ runner.os }}-cargo-
 
     - name: Install required PowerShell modules
       if: steps.cacher.outputs.cache-hit != 'true'

From 71900c796cbe739679b887ad6d35e9a36d5be5c1 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Thu, 23 Oct 2025 23:33:10 +0000
Subject: [PATCH 07/27] Fixes based on comments

---
 .github/workflows/test.yml |  6 +++++-
 README.md                  |  6 +++++-
 tests/custom-cert.rs       | 17 ++---------------
 3 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4ed6c68b..2a3185c8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -98,7 +98,7 @@ jobs:
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: $windows-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: windows-cargo-${{ hashFiles('**/Cargo.lock') }}
         # restore-keys: |
         #   ${{ runner.os }}-cargo-
 
@@ -173,6 +173,10 @@ jobs:
       with:
         components: clippy
 
+    #rust tls
+    # .. tls
+    # vendored tls
+
     # For now we're not running the integration tests in macos,
     # only running the unit tests
     - run: cargo test --no-default-features --features=vendored-openssl --lib
diff --git a/README.md b/README.md
index 953f99cf..11998e5d 100644
--- a/README.md
+++ b/README.md
@@ -145,4 +145,8 @@ If you have a security issue to report, please contact us at [security@prisma.io
 
 ## Notes
 
-We have native TLS, open TLS, and rust TLS. In the event that multiple are chosen the one with the lowest number will always "win".
\ No newline at end of file
+We have native TLS, open TLS, and rust TLS. In the event that multiple are chosen the one with the lowest number will always "win".
+
+1. Rust TLS
+2. Native TLS
+3. Open TLS
\ No newline at end of file
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 23c121fc..0c4ab48d 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -7,13 +7,6 @@ use tokio_util::compat::TokioAsyncWriteCompatExt;
 #[allow(dead_code)]
 static LOGGER_SETUP: Once = Once::new();
 
-#[allow(dead_code)]
-fn load_ca_bytes() -> Result<Vec<u8>> {
-    let ca_path = std::env::current_dir()?.join("docker/certs/customCA.crt");
-    let ca_bytes = std::fs::read(&ca_path)?;
-    Ok(ca_bytes)
-}
-
 #[test]
 #[cfg(any(
     feature = "rustls",
@@ -28,12 +21,9 @@ fn connect_to_custom_cert_instance_ado() -> Result<()> {
     let rt = Runtime::new()?;
 
     rt.block_on(async {
-        #[allow(unused_variables)]
-        let ca_bytes = load_ca_bytes()?;
-
         let mut config =
             Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true")?;
-        config.trust_cert();
+        config.trust_cert_ca("docker/certs/customCA.crt");
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
@@ -64,11 +54,8 @@ fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
 
     let rt = Runtime::new()?;
     rt.block_on(async {
-        #[allow(unused_variables)]
-        let ca_bytes = load_ca_bytes()?;
-
         let mut config = Config::from_jdbc_string("jdbc:sqlserver://localhost:1433")?;
-        config.trust_cert();
+        config.trust_cert_ca("docker/certs/customCA.crt");
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
 
         let tcp = TcpStream::connect(config.get_addr()).await?;

From 9cf0f787b94b135d8751665587e8e17397ab4ce1 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 00:10:26 +0000
Subject: [PATCH 08/27] Testing

---
 .github/workflows/test.yml |   6 --
 tests/custom-cert.rs       |   6 ++
 xtask/src/main.rs          |  43 +++++++++---
 xtask/src/main3.rs         | 137 +++++++++++++++++++++++++++++++++++++
 4 files changed, 178 insertions(+), 14 deletions(-)
 create mode 100644 xtask/src/main3.rs

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 2a3185c8..3d9160eb 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -99,8 +99,6 @@ jobs:
           ~/.cargo/git
           target
         key: windows-cargo-${{ hashFiles('**/Cargo.lock') }}
-        # restore-keys: |
-        #   ${{ runner.os }}-cargo-
 
     - name: Install required PowerShell modules
       if: steps.cacher.outputs.cache-hit != 'true'
@@ -173,10 +171,6 @@ jobs:
       with:
         components: clippy
 
-    #rust tls
-    # .. tls
-    # vendored tls
-
     # For now we're not running the integration tests in macos,
     # only running the unit tests
     - run: cargo test --no-default-features --features=vendored-openssl --lib
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 0c4ab48d..96209590 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -95,3 +95,9 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
         Ok(())
     })
 }
+
+// build and run container docker
+// docker rm and then docker build then docker run and run the container that we build
+// use those image tag things to figure out which docker file to build so instea dof templating the
+// name of the image on microsofts container repo we'll need to template the name of the docker file itself
+// when we use docker build we'll give docker a tag and then run that same tag
\ No newline at end of file
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index 556b6342..f610407b 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -5,6 +5,12 @@ use std::{
     time::Duration,
 };
 
+// build and run container docker
+// docker rm and then docker build then docker run and run the container that we build
+// use those image tag things to figure out which docker file to build so instea dof templating the
+// name of the image on microsofts container repo we'll need to template the name of the docker file itself
+// when we use docker build we'll give docker a tag and then run that same tag
+
 fn main() {
     let mut args = env::args().skip(1);
     let cmd = args.next().unwrap_or_default();
@@ -48,13 +54,17 @@ fn start_container(version: &str) {
     let sa_password =
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let container_name = format!("mssql-{}", version);
-    let image_tag = match version {
-        "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
-        "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
-        "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
-        "azure" => "mcr.microsoft.com/azure-sql-edge",
-        _ => panic!("Unsupported version, {}", version),
-    };
+    // let image_tag = match version {
+    //     "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
+    //     "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
+    //     "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
+    //     "azure" => "mcr.microsoft.com/azure-sql-edge",
+    //     _ => panic!("Unsupported version, {}", version),
+    // };
+
+    let dockerfile = format!("Dockerfile.{}", version);
+    let image_tag = format!("my-mssql:{}", version);
+
 
     println!("Cleaning up existing container, {}", container_name);
 
@@ -62,6 +72,22 @@ fn start_container(version: &str) {
         .args(["rm", "-f", &container_name])
         .status();
 
+    // let _ = Command::new("docker")
+    //     .args(["", "", &container_name])
+    //     .status();
+
+    println!("Building image {} from {}...", image_tag, dockerfile);
+
+    let status = Command::new("docker")
+        .args(["build", "-f", &dockerfile, "-t", &image_tag, "."])
+        .status()
+        .expect("Failed to build docker image");
+
+    if !status.success() {
+        eprintln!("Docker build failed for {}", version);
+        exit(1);
+    }
+
     println!("Starting SQL Server {} container...", version);
 
     let status = Command::new("docker")
@@ -76,7 +102,7 @@ fn start_container(version: &str) {
             &format!("SA_PASSWORD={}", sa_password),
             "-p",
             "1433:1433",
-            image_tag,
+            &image_tag,
         ])
         .status()
         .expect("Failed to run docker");
@@ -124,3 +150,4 @@ fn run_tests(flags: Vec<String>) {
         exit(1);
     }
 }
+
diff --git a/xtask/src/main3.rs b/xtask/src/main3.rs
new file mode 100644
index 00000000..08f644ae
--- /dev/null
+++ b/xtask/src/main3.rs
@@ -0,0 +1,137 @@
+use std::{
+    env,
+    process::{Command, exit},
+    thread::sleep,
+    time::Duration,
+};
+
+// build and run container docker
+// docker rm and then docker build then docker run and run the container that we build
+// use those image tag things to figure out which docker file to build so instea dof templating the
+// name of the image on microsofts container repo we'll need to template the name of the docker file itself
+// when we use docker build we'll give docker a tag and then run that same tag
+
+fn main() {
+    let mut args = env::args().skip(1);
+    let cmd = args.next().unwrap_or_default();
+
+    match cmd.as_str() {
+        "container" => {
+            // need to change unwrap_or_else in document
+            // default version is 2019, any opposition?
+
+            // doesn't run tests
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            start_container(&version);
+        }
+        "test" => {
+            // run the tests
+            run_tests(args.collect::<Vec<_>>());
+        }
+        "local" => {
+            // local runs test AND container
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            start_container(&version);
+            // start_container calls wait_for_sql anyway
+            // so we don't need to call the below line:
+            // wait_for_sql();
+            run_tests(args.collect::<Vec<_>>());
+            stop_container(&version);
+        }
+        "stop" => {
+            // stops running containers
+            let version = args.next().unwrap_or_else(|| "2019".into());
+            stop_container(&version);
+        }
+        _ => {
+            // eprintln!("Usage: cargo xtask <container|stop|test|local> [args]");
+            exit(1);
+        }
+    }
+}
+
+fn start_container(version: &str) {
+    let sa_password =
+        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
+    let container_name = format!("mssql-{}", version);
+    let image_tag = match version {
+        "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
+        "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
+        "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
+        "azure" => "mcr.microsoft.com/azure-sql-edge",
+        _ => panic!("Unsupported version, {}", version),
+    };
+
+    println!("Cleaning up existing container, {}", container_name);
+
+    let _ = Command::new("docker")
+        .args(["rm", "-f", &container_name])
+        .status();
+
+    let _ = Command::new("docker")
+        .args(["", "", &container_name])
+        .status();
+
+    println!("Starting SQL Server {} container...", version);
+
+    let status = Command::new("docker")
+        .args([
+            "run",
+            "-d",
+            "--name",
+            &container_name,
+            "-e",
+            "ACCEPT_EULA=Y",
+            "-e",
+            &format!("SA_PASSWORD={}", sa_password),
+            "-p",
+            "1433:1433",
+            image_tag,
+        ])
+        .status()
+        .expect("Failed to run docker");
+
+    if !status.success() {
+        eprintln!("Failed to start container, {}", version);
+        exit(1);
+    }
+
+    println!("Started container: {}", container_name);
+    wait_for_sql();
+}
+
+fn wait_for_sql() {
+    println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit.");
+    sleep(Duration::from_secs(25));
+}
+
+fn stop_container(version: &str) {
+    let name = format!("mssql-{}", version);
+    let _ = Command::new("docker").args(["rm", "-f", &name]).status();
+    println!("Stopped container {}", name);
+}
+
+fn run_tests(flags: Vec<String>) {
+    let sa_password =
+        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
+    let connection_string = env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
+        format!(
+            "server=tcp:localhost,1433;user=sa;password={};TrustServerCertificate=true",
+            sa_password
+        )
+    });
+
+    // for debugging: println!("Running tests with connection {}", connection_string);
+
+    let status = Command::new("cargo")
+        .arg("test")
+        .env("TIBERIUS_TEST_CONNECTION_STRING", &connection_string)
+        .args(&flags)
+        .status()
+        .expect("failed to run cargo test");
+
+    if !status.success() {
+        exit(1);
+    }
+}
+

From a5d1d0f42a77db36994e766c7614f46c7b0d52fb Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 00:20:26 +0000
Subject: [PATCH 09/27] Added working directory

---
 xtask/src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index f610407b..6549beb7 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -62,7 +62,7 @@ fn start_container(version: &str) {
     //     _ => panic!("Unsupported version, {}", version),
     // };
 
-    let dockerfile = format!("Dockerfile.{}", version);
+    let dockerfile = format!("docker/Dockerfile.{}", version);
     let image_tag = format!("my-mssql:{}", version);
 
 

From d833a01d8e441d5dae690e3755c881d4b3148327 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 00:27:10 +0000
Subject: [PATCH 10/27] Added working directory

---
 xtask/src/main.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index 6549beb7..ce39ddf8 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -54,6 +54,9 @@ fn start_container(version: &str) {
     let sa_password =
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let container_name = format!("mssql-{}", version);
+
+    // OLD version
+
     // let image_tag = match version {
     //     "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
     //     "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
@@ -72,9 +75,9 @@ fn start_container(version: &str) {
         .args(["rm", "-f", &container_name])
         .status();
 
-    // let _ = Command::new("docker")
-    //     .args(["", "", &container_name])
-    //     .status();
+    let _ = Command::new("docker")
+        .args(["", "", &container_name])
+        .status();
 
     println!("Building image {} from {}...", image_tag, dockerfile);
 

From 82ddf827923df1368ed47d64cf45086a99e32f44 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 00:37:10 +0000
Subject: [PATCH 11/27] Added working directory

---
 xtask/src/main.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index ce39ddf8..bde109f9 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -68,7 +68,6 @@ fn start_container(version: &str) {
     let dockerfile = format!("docker/Dockerfile.{}", version);
     let image_tag = format!("my-mssql:{}", version);
 
-
     println!("Cleaning up existing container, {}", container_name);
 
     let _ = Command::new("docker")

From 9ee8f39a8c411ffbc867bddf2ad9b95aeb2e3c55 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 03:06:37 +0000
Subject: [PATCH 12/27] Added working directory

---
 xtask/src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index bde109f9..c1aae359 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -119,7 +119,7 @@ fn start_container(version: &str) {
 }
 
 fn wait_for_sql() {
-    println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit.");
+    println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit. - please.");
     sleep(Duration::from_secs(25));
 }
 

From 8944a3d6a0eb2f62d2ca1ef35ea65f4190203b1d Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 27 Oct 2025 04:57:13 +0000
Subject: [PATCH 13/27] Fixes

---
 xtask/src/main.rs  |  19 -------
 xtask/src/main3.rs | 137 ---------------------------------------------
 2 files changed, 156 deletions(-)
 delete mode 100644 xtask/src/main3.rs

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index c1aae359..e003f515 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -5,12 +5,6 @@ use std::{
     time::Duration,
 };
 
-// build and run container docker
-// docker rm and then docker build then docker run and run the container that we build
-// use those image tag things to figure out which docker file to build so instea dof templating the
-// name of the image on microsofts container repo we'll need to template the name of the docker file itself
-// when we use docker build we'll give docker a tag and then run that same tag
-
 fn main() {
     let mut args = env::args().skip(1);
     let cmd = args.next().unwrap_or_default();
@@ -33,8 +27,6 @@ fn main() {
             let version = args.next().unwrap_or_else(|| "2019".into());
             start_container(&version);
             // start_container calls wait_for_sql anyway
-            // so we don't need to call the below line:
-            // wait_for_sql();
             run_tests(args.collect::<Vec<_>>());
             stop_container(&version);
         }
@@ -44,7 +36,6 @@ fn main() {
             stop_container(&version);
         }
         _ => {
-            // eprintln!("Usage: cargo xtask <container|stop|test|local> [args]");
             exit(1);
         }
     }
@@ -55,16 +46,6 @@ fn start_container(version: &str) {
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let container_name = format!("mssql-{}", version);
 
-    // OLD version
-
-    // let image_tag = match version {
-    //     "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
-    //     "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
-    //     "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
-    //     "azure" => "mcr.microsoft.com/azure-sql-edge",
-    //     _ => panic!("Unsupported version, {}", version),
-    // };
-
     let dockerfile = format!("docker/Dockerfile.{}", version);
     let image_tag = format!("my-mssql:{}", version);
 
diff --git a/xtask/src/main3.rs b/xtask/src/main3.rs
deleted file mode 100644
index 08f644ae..00000000
--- a/xtask/src/main3.rs
+++ /dev/null
@@ -1,137 +0,0 @@
-use std::{
-    env,
-    process::{Command, exit},
-    thread::sleep,
-    time::Duration,
-};
-
-// build and run container docker
-// docker rm and then docker build then docker run and run the container that we build
-// use those image tag things to figure out which docker file to build so instea dof templating the
-// name of the image on microsofts container repo we'll need to template the name of the docker file itself
-// when we use docker build we'll give docker a tag and then run that same tag
-
-fn main() {
-    let mut args = env::args().skip(1);
-    let cmd = args.next().unwrap_or_default();
-
-    match cmd.as_str() {
-        "container" => {
-            // need to change unwrap_or_else in document
-            // default version is 2019, any opposition?
-
-            // doesn't run tests
-            let version = args.next().unwrap_or_else(|| "2019".into());
-            start_container(&version);
-        }
-        "test" => {
-            // run the tests
-            run_tests(args.collect::<Vec<_>>());
-        }
-        "local" => {
-            // local runs test AND container
-            let version = args.next().unwrap_or_else(|| "2019".into());
-            start_container(&version);
-            // start_container calls wait_for_sql anyway
-            // so we don't need to call the below line:
-            // wait_for_sql();
-            run_tests(args.collect::<Vec<_>>());
-            stop_container(&version);
-        }
-        "stop" => {
-            // stops running containers
-            let version = args.next().unwrap_or_else(|| "2019".into());
-            stop_container(&version);
-        }
-        _ => {
-            // eprintln!("Usage: cargo xtask <container|stop|test|local> [args]");
-            exit(1);
-        }
-    }
-}
-
-fn start_container(version: &str) {
-    let sa_password =
-        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
-    let container_name = format!("mssql-{}", version);
-    let image_tag = match version {
-        "2017" => "mcr.microsoft.com/mssql/server:2017-latest",
-        "2019" => "mcr.microsoft.com/mssql/server:2019-latest",
-        "2022" => "mcr.microsoft.com/mssql/server:2022-latest",
-        "azure" => "mcr.microsoft.com/azure-sql-edge",
-        _ => panic!("Unsupported version, {}", version),
-    };
-
-    println!("Cleaning up existing container, {}", container_name);
-
-    let _ = Command::new("docker")
-        .args(["rm", "-f", &container_name])
-        .status();
-
-    let _ = Command::new("docker")
-        .args(["", "", &container_name])
-        .status();
-
-    println!("Starting SQL Server {} container...", version);
-
-    let status = Command::new("docker")
-        .args([
-            "run",
-            "-d",
-            "--name",
-            &container_name,
-            "-e",
-            "ACCEPT_EULA=Y",
-            "-e",
-            &format!("SA_PASSWORD={}", sa_password),
-            "-p",
-            "1433:1433",
-            image_tag,
-        ])
-        .status()
-        .expect("Failed to run docker");
-
-    if !status.success() {
-        eprintln!("Failed to start container, {}", version);
-        exit(1);
-    }
-
-    println!("Started container: {}", container_name);
-    wait_for_sql();
-}
-
-fn wait_for_sql() {
-    println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit.");
-    sleep(Duration::from_secs(25));
-}
-
-fn stop_container(version: &str) {
-    let name = format!("mssql-{}", version);
-    let _ = Command::new("docker").args(["rm", "-f", &name]).status();
-    println!("Stopped container {}", name);
-}
-
-fn run_tests(flags: Vec<String>) {
-    let sa_password =
-        env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
-    let connection_string = env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
-        format!(
-            "server=tcp:localhost,1433;user=sa;password={};TrustServerCertificate=true",
-            sa_password
-        )
-    });
-
-    // for debugging: println!("Running tests with connection {}", connection_string);
-
-    let status = Command::new("cargo")
-        .arg("test")
-        .env("TIBERIUS_TEST_CONNECTION_STRING", &connection_string)
-        .args(&flags)
-        .status()
-        .expect("failed to run cargo test");
-
-    if !status.success() {
-        exit(1);
-    }
-}
-

From 1be487e51566ecc97a67bbed36cbe2827a95f60d Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 28 Oct 2025 00:50:06 +0000
Subject: [PATCH 14/27] Making it better

---
 xtask/src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index e003f515..c7a6dc4d 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -46,7 +46,7 @@ fn start_container(version: &str) {
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let container_name = format!("mssql-{}", version);
 
-    let dockerfile = format!("docker/Dockerfile.{}", version);
+    let dockerfile = format!("docker/docker-mssql-{}.dockerfile", version);
     let image_tag = format!("my-mssql:{}", version);
 
     println!("Cleaning up existing container, {}", container_name);

From 07fffb2f9da0d0fd7792c930728f26076306486f Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 28 Oct 2025 03:12:53 +0000
Subject: [PATCH 15/27] Making it better

---
 tests/custom-cert.rs | 2 +-
 xtask/src/main.rs    | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 96209590..d16b9fac 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -100,4 +100,4 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
 // docker rm and then docker build then docker run and run the container that we build
 // use those image tag things to figure out which docker file to build so instea dof templating the
 // name of the image on microsofts container repo we'll need to template the name of the docker file itself
-// when we use docker build we'll give docker a tag and then run that same tag
\ No newline at end of file
+// when we use docker build we'll give docker a tag and then run that same tag
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index c7a6dc4d..6aafea43 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -133,4 +133,3 @@ fn run_tests(flags: Vec<String>) {
         exit(1);
     }
 }
-

From 34c1d39ca58dcf1fcd6b02efcdc6db47e9bc212c Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 05:00:40 +0000
Subject: [PATCH 16/27] Certificate fixes

---
 tests/custom-cert.rs | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index d16b9fac..113c01ba 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -41,6 +41,12 @@ fn connect_to_custom_cert_instance_ado() -> Result<()> {
     })
 }
 
+// build and run container docker
+// docker rm and then docker build then docker run and run the container that we build
+// use those image tag things to figure out which docker file to build so instead of templating the
+// name of the image on microsofts container repo we'll need to template the name of the docker file itself
+// when we use docker build we'll give docker a tag and then run that same tag
+
 #[test]
 #[cfg(any(
     feature = "rustls",
@@ -55,7 +61,10 @@ fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
     let rt = Runtime::new()?;
     rt.block_on(async {
         let mut config = Config::from_jdbc_string("jdbc:sqlserver://localhost:1433")?;
-        config.trust_cert_ca("docker/certs/customCA.crt");
+        let ca_path = std::path::Path::new(env!("CARGO_MANIFEST_DIR")).join("docker/certs/customCA.crt");
+        // let ca_path_string = format!("{:?}", ca_path).to_string();
+        config.trust_cert_ca(ca_path.display().to_string());
+        //config.trust_cert_ca("docker/certs/customCA.crt");
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
@@ -94,10 +103,4 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
         assert!(client.is_err());
         Ok(())
     })
-}
-
-// build and run container docker
-// docker rm and then docker build then docker run and run the container that we build
-// use those image tag things to figure out which docker file to build so instea dof templating the
-// name of the image on microsofts container repo we'll need to template the name of the docker file itself
-// when we use docker build we'll give docker a tag and then run that same tag
+}
\ No newline at end of file

From 39d0edec432c6a6ccf08c24ff407bb4699c26bf3 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 05:18:06 +0000
Subject: [PATCH 17/27] Certificate fixes - testing

---
 docker/docker-mssql-2017.dockerfile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index 28a3dd4f..aa165564 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -1,5 +1,11 @@
-FROM mcr.microsoft.com/mssql/server:2017-latest
+# FROM mcr.microsoft.com/mssql/server:2017-latest
 
-COPY --chmod=440 certs/server.* /certs/
-COPY --chmod=440 certs/customCA.* /certs/
-COPY docker-mssql.conf /var/opt/mssql/mssql.conf
+# COPY --chmod=440 certs/server.* /certs/
+# COPY --chmod=440 certs/customCA.* /certs/
+# COPY docker-mssql.conf /var/opt/mssql/mssql.conf
+
+FROM mcr.microsoft.com/azure-sql-edge:latest
+
+COPY --chmod=440 docker/certs/server.* /certs/
+COPY --chmod=440 docker/certs/customCA.* /certs/
+COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file

From 692c11431127532a97b281f5fa90452b3935249d Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 22:38:33 +0000
Subject: [PATCH 18/27] Certificate fixes - testing

---
 docker/certs/customCA.srl               |   1 -
 docker/certs/generate-signed-cert.sh    |  52 ------------
 docker/docker-azure-sql-edge.dockerfile |   2 +-
 docker/docker-mssql-2017.dockerfile     |   6 --
 docker/docker-mssql-2019.dockerfile     |   2 +-
 docker/docker-mssql-2022.dockerfile     |   2 +-
 tests/custom-cert.rs                    | 106 ------------------------
 7 files changed, 3 insertions(+), 168 deletions(-)

diff --git a/docker/certs/customCA.srl b/docker/certs/customCA.srl
index 618df778..e69de29b 100644
--- a/docker/certs/customCA.srl
+++ b/docker/certs/customCA.srl
@@ -1 +0,0 @@
-0DAEECC45C07F5E06E0DD1B05115C3CFD1A46D9C
diff --git a/docker/certs/generate-signed-cert.sh b/docker/certs/generate-signed-cert.sh
index dc3086f2..e69de29b 100755
--- a/docker/certs/generate-signed-cert.sh
+++ b/docker/certs/generate-signed-cert.sh
@@ -1,52 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-
-# Skript creates a custom-signed certificate
-# Parameter1 = name of the cert
-
-CERT_KEY_NAME=$1
-CERT_FILE=$CERT_KEY_NAME.crt
-
-export CERT_CN=$CERT_KEY_NAME
-
-echo Prepare Signing-Request-Config from Template
-cat signing-request.config.template | envsubst >> src.txt
-
-echo Generate Private-Key and Certificate-Signing-Request for $CERT_KEY_NAME
-openssl req \
-  -new \
-  -nodes \
-  -config src.txt \
-  -keyout ${CERT_KEY_NAME}.key \
-  -out ${CERT_KEY_NAME}.sr
-
-echo Generate an OpenSSL Certificate for $CERT_KEY_NAME
-openssl x509 -req \
-  -in ${CERT_KEY_NAME}.sr \
-  -extensions v3_req \
-  -extfile src.txt \
-  -CA customCA.crt -CAkey customCA.key \
-  -CAcreateserial \
-  -CAserial customCA.srl \
-  -out $CERT_FILE \
-  -passin file:passphrase.txt \
-  -days 200
-
-echo Generating PEM format
-openssl rsa -in ${CERT_KEY_NAME}.key -out ${CERT_KEY_NAME}-nopassword.key
-cat ${CERT_KEY_NAME}-nopassword.key > ${CERT_KEY_NAME}.pem
-cat ${CERT_KEY_NAME}.crt >> ${CERT_KEY_NAME}.pem
-
-echo Generating Bundle
-cp $CERT_FILE $CERT_KEY_NAME-full.crt
-cat customCA.crt >> $CERT_KEY_NAME-full.crt
-
-echo Cleaning up temporary files
-rm src.txt
-rm ${CERT_KEY_NAME}.sr
-rm ${CERT_KEY_NAME}-nopassword.key
-
-echo DONE
-
diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-azure-sql-edge.dockerfile
index 14279c40..92feafa2 100644
--- a/docker/docker-azure-sql-edge.dockerfile
+++ b/docker/docker-azure-sql-edge.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/azure-sql-edge:latest
 
 COPY --chmod=440 certs/server.* /certs/
 COPY --chmod=440 certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
+COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index aa165564..501a31f2 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -1,9 +1,3 @@
-# FROM mcr.microsoft.com/mssql/server:2017-latest
-
-# COPY --chmod=440 certs/server.* /certs/
-# COPY --chmod=440 certs/customCA.* /certs/
-# COPY docker-mssql.conf /var/opt/mssql/mssql.conf
-
 FROM mcr.microsoft.com/azure-sql-edge:latest
 
 COPY --chmod=440 docker/certs/server.* /certs/
diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile
index 02ffdec0..ac85ad21 100644
--- a/docker/docker-mssql-2019.dockerfile
+++ b/docker/docker-mssql-2019.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/mssql/server:2019-latest
 
 COPY --chmod=440 certs/server.* /certs/
 COPY --chmod=440 certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
+COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile
index 930d3026..b58bb3a4 100644
--- a/docker/docker-mssql-2022.dockerfile
+++ b/docker/docker-mssql-2022.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/mssql/server:2022-latest
 
 COPY --chmod=444 certs/server.* /certs/
 COPY --chmod=444 certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
+COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 113c01ba..e69de29b 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -1,106 +0,0 @@
-#![cfg(unix)]
-use std::sync::Once;
-use tiberius::{AuthMethod, Client, Config, EncryptionLevel, Result};
-use tokio::{net::TcpStream, runtime::Runtime};
-use tokio_util::compat::TokioAsyncWriteCompatExt;
-
-#[allow(dead_code)]
-static LOGGER_SETUP: Once = Once::new();
-
-#[test]
-#[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
-))]
-fn connect_to_custom_cert_instance_ado() -> Result<()> {
-    LOGGER_SETUP.call_once(|| {
-        env_logger::init();
-    });
-
-    let rt = Runtime::new()?;
-
-    rt.block_on(async {
-        let mut config =
-            Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true")?;
-        config.trust_cert_ca("docker/certs/customCA.crt");
-        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
-
-        let tcp = TcpStream::connect(config.get_addr()).await?;
-        let mut client = Client::connect(config, tcp.compat_write()).await?;
-
-        let row = client
-            .query("SELECT @P1", &[&-4i32])
-            .await?
-            .into_row()
-            .await?
-            .unwrap();
-
-        assert_eq!(Some(-4i32), row.get(0));
-        Ok(())
-    })
-}
-
-// build and run container docker
-// docker rm and then docker build then docker run and run the container that we build
-// use those image tag things to figure out which docker file to build so instead of templating the
-// name of the image on microsofts container repo we'll need to template the name of the docker file itself
-// when we use docker build we'll give docker a tag and then run that same tag
-
-#[test]
-#[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
-))]
-fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
-    LOGGER_SETUP.call_once(|| {
-        env_logger::init();
-    });
-
-    let rt = Runtime::new()?;
-    rt.block_on(async {
-        let mut config = Config::from_jdbc_string("jdbc:sqlserver://localhost:1433")?;
-        let ca_path = std::path::Path::new(env!("CARGO_MANIFEST_DIR")).join("docker/certs/customCA.crt");
-        // let ca_path_string = format!("{:?}", ca_path).to_string();
-        config.trust_cert_ca(ca_path.display().to_string());
-        //config.trust_cert_ca("docker/certs/customCA.crt");
-        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
-
-        let tcp = TcpStream::connect(config.get_addr()).await?;
-        let mut client = Client::connect(config, tcp.compat_write()).await?;
-
-        let row = client
-            .query("SELECT @P1", &[&-4i32])
-            .await?
-            .into_row()
-            .await?
-            .unwrap();
-
-        assert_eq!(Some(-4i32), row.get(0));
-        Ok(())
-    })
-}
-
-#[test]
-fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
-    LOGGER_SETUP.call_once(|| {
-        env_logger::init();
-    });
-
-    let rt = Runtime::new()?;
-    rt.block_on(async {
-        let mut config = Config::new();
-        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
-        config.encryption(EncryptionLevel::On);
-        config.host("localhost");
-        config.port(1433);
-
-        let tcp = TcpStream::connect(config.get_addr()).await?;
-        let client = Client::connect(config, tcp.compat_write()).await;
-
-        // Should fail because we didn’t add the CA
-        assert!(client.is_err());
-        Ok(())
-    })
-}
\ No newline at end of file

From 1de4b0207b3ffb294ae16252985d2af451c82d90 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 22:51:33 +0000
Subject: [PATCH 19/27] Certificate fixes - testing

---
 docker/docker-mssql-2017.dockerfile |   8 +--
 tests/custom-cert.rs                | 104 ++++++++++++++++++++++++++++
 2 files changed, 108 insertions(+), 4 deletions(-)

diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index 501a31f2..764e3855 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -1,5 +1,5 @@
-FROM mcr.microsoft.com/azure-sql-edge:latest
+FROM mcr.microsoft.com/mssql/server:2017-latest
 
-COPY --chmod=440 docker/certs/server.* /certs/
-COPY --chmod=440 docker/certs/customCA.* /certs/
-COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
+COPY --chmod=440 certs/server.* /certs/
+COPY --chmod=440 certs/customCA.* /certs/
+COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index e69de29b..e0f16cf5 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -0,0 +1,104 @@
+#![cfg(unix)]
+use std::sync::Once;
+use tiberius::{AuthMethod, Client, Config, EncryptionLevel, Result};
+use tokio::{net::TcpStream, runtime::Runtime};
+use tokio_util::compat::TokioAsyncWriteCompatExt;
+
+#[allow(dead_code)]
+static LOGGER_SETUP: Once = Once::new();
+
+#[test]
+#[cfg(any(q
+    feature = "rustls",
+    feature = "native-tls",
+    feature = "vendored-openssl"
+))]
+fn connect_to_custom_cert_instance_ado() -> Result<()> {
+    LOGGER_SETUP.call_once(|| {
+        env_logger::init();
+    });
+
+    let rt = Runtime::new()?;
+
+    rt.block_on(async {
+        let mut config = Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=docker/certs/customCA.crt")?;
+        config.authentication(AuthMethod::sql_server(
+            "sa",
+            "<YourStrong@Passw0rd>",
+        ));
+
+        let tcp = TcpStream::connect(config.get_addr()).await?;
+
+        let mut client = Client::connect(config, tcp.compat_write()).await?;
+
+        let row = client
+            .query("SELECT @P1", &[&-4i32])
+            .await?
+            .into_row()
+            .await?
+            .unwrap();
+
+        assert_eq!(Some(-4i32), row.get(0));
+        Ok(())
+    })
+}
+
+#[test]
+#[cfg(any(
+    feature = "rustls",
+    feature = "native-tls",
+    feature = "vendored-openssl"
+))]
+fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
+    LOGGER_SETUP.call_once(|| {
+        env_logger::init();
+    });
+
+    let rt = Runtime::new()?;
+
+    rt.block_on(async {
+        // Careful: the / in the TrustServerCertificateCA needs to be escaped
+        let mut config = Config::from_jdbc_string(
+            "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=docker{/}certs{/}customCA.crt",
+        )?;
+        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
+
+        let tcp = TcpStream::connect(config.get_addr()).await?;
+
+        let mut client = Client::connect(config, tcp.compat_write()).await?;
+
+        let row = client
+            .query("SELECT @P1", &[&-4i32])
+            .await?
+            .into_row()
+            .await?
+            .unwrap();
+
+        assert_eq!(Some(-4i32), row.get(0));
+        Ok(())
+    })
+}
+
+#[test]
+fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
+    LOGGER_SETUP.call_once(|| {
+        env_logger::init();
+    });
+
+    let rt = Runtime::new()?;
+
+    rt.block_on(async {
+        let mut config = Config::new();
+        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
+        config.encryption(EncryptionLevel::On);
+        config.host("localhost");
+        config.port(1433);
+
+        let tcp = TcpStream::connect(config.get_addr()).await?;
+
+        let client = Client::connect(config, tcp.compat_write()).await;
+
+        assert!(client.is_err());
+        Ok(())
+    })
+}
\ No newline at end of file

From 16ff2b8bb2e36e1b3641f5b08fc29707494fb74a Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 22:55:18 +0000
Subject: [PATCH 20/27] Certificate fixes - testing

---
 tests/custom-cert.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index e0f16cf5..5e4a42ed 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -8,7 +8,7 @@ use tokio_util::compat::TokioAsyncWriteCompatExt;
 static LOGGER_SETUP: Once = Once::new();
 
 #[test]
-#[cfg(any(q
+#[cfg(any(
     feature = "rustls",
     feature = "native-tls",
     feature = "vendored-openssl"

From 9cb967fad4f4073177cd56db4dbd98c17ccb8ece Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 22:57:47 +0000
Subject: [PATCH 21/27] Certificate fixes - testing

---
 docker/docker-mssql.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/docker-mssql.conf b/docker/docker-mssql.conf
index d8060311..ae86be59 100644
--- a/docker/docker-mssql.conf
+++ b/docker/docker-mssql.conf
@@ -1,5 +1,5 @@
 [network]
-tlscert = /certs/server.crt
-tlskey = /certs/server.key
+tlscert = docker/certs/server.crt
+tlskey = docker/certs/server.key
 tlsprotocols = 1.2
 forceencryption = 0

From 6659073f8935d40cb728f06e9f2212c57feb6a13 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 23:02:15 +0000
Subject: [PATCH 22/27] Certificate fixes - testing

---
 docker/docker-azure-sql-edge.dockerfile | 4 ++--
 docker/docker-mssql-2017.dockerfile     | 4 ++--
 docker/docker-mssql-2019.dockerfile     | 4 ++--
 docker/docker-mssql-2022.dockerfile     | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-azure-sql-edge.dockerfile
index 92feafa2..dd27394f 100644
--- a/docker/docker-azure-sql-edge.dockerfile
+++ b/docker/docker-azure-sql-edge.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/azure-sql-edge:latest
 
-COPY --chmod=440 certs/server.* /certs/
-COPY --chmod=440 certs/customCA.* /certs/
+COPY --chmod=440 docker/certs/server.* /certs/
+COPY --chmod=440 docker/certs/customCA.* /certs/
 COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index 764e3855..7b301869 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2017-latest
 
-COPY --chmod=440 certs/server.* /certs/
-COPY --chmod=440 certs/customCA.* /certs/
+COPY --chmod=440 docker/certs/server.* /certs/
+COPY --chmod=440 docker/certs/customCA.* /certs/
 COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile
index ac85ad21..1d711232 100644
--- a/docker/docker-mssql-2019.dockerfile
+++ b/docker/docker-mssql-2019.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2019-latest
 
-COPY --chmod=440 certs/server.* /certs/
-COPY --chmod=440 certs/customCA.* /certs/
+COPY --chmod=440 docker/certs/server.* /certs/
+COPY --chmod=440 docker/certs/customCA.* /certs/
 COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile
index b58bb3a4..b2219075 100644
--- a/docker/docker-mssql-2022.dockerfile
+++ b/docker/docker-mssql-2022.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2022-latest
 
-COPY --chmod=444 certs/server.* /certs/
-COPY --chmod=444 certs/customCA.* /certs/
+COPY --chmod=444 docker/certs/server.* /certs/
+COPY --chmod=444 docker/certs/customCA.* /certs/
 COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file

From bcf787649c90bafa140cd2d3aef1d426dca8ac09 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 23:08:06 +0000
Subject: [PATCH 23/27] Certificate fixes - testing

---
 docker/docker-azure-sql-edge.dockerfile | 2 +-
 docker/docker-mssql-2017.dockerfile     | 2 +-
 docker/docker-mssql-2019.dockerfile     | 2 +-
 docker/docker-mssql-2022.dockerfile     | 2 +-
 tests/custom-cert.rs                    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-azure-sql-edge.dockerfile
index dd27394f..501a31f2 100644
--- a/docker/docker-azure-sql-edge.dockerfile
+++ b/docker/docker-azure-sql-edge.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/azure-sql-edge:latest
 
 COPY --chmod=440 docker/certs/server.* /certs/
 COPY --chmod=440 docker/certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
+COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index 7b301869..03cc829b 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/mssql/server:2017-latest
 
 COPY --chmod=440 docker/certs/server.* /certs/
 COPY --chmod=440 docker/certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
+COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile
index 1d711232..e620444e 100644
--- a/docker/docker-mssql-2019.dockerfile
+++ b/docker/docker-mssql-2019.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/mssql/server:2019-latest
 
 COPY --chmod=440 docker/certs/server.* /certs/
 COPY --chmod=440 docker/certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
+COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile
index b2219075..ec89802b 100644
--- a/docker/docker-mssql-2022.dockerfile
+++ b/docker/docker-mssql-2022.dockerfile
@@ -2,4 +2,4 @@ FROM mcr.microsoft.com/mssql/server:2022-latest
 
 COPY --chmod=444 docker/certs/server.* /certs/
 COPY --chmod=444 docker/certs/customCA.* /certs/
-COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
+COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 5e4a42ed..8aeed94e 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -101,4 +101,4 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
         assert!(client.is_err());
         Ok(())
     })
-}
\ No newline at end of file
+}

From a6c8ae649306b916c85960ec1553b2912f4db634 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 23:27:29 +0000
Subject: [PATCH 24/27] Certificate fixes - testing

---
 .github/workflows/test.yml                                     | 3 ++-
 ...azure-sql-edge.dockerfile => docker-mssql-azure.dockerfile} | 0
 2 files changed, 2 insertions(+), 1 deletion(-)
 rename docker/{docker-azure-sql-edge.dockerfile => docker-mssql-azure.dockerfile} (100%)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3d9160eb..e59af63f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -70,7 +70,8 @@ jobs:
         - 2019
     env:
       TIBERIUS_TEST_INSTANCE: "MSSQLSERVER"
-      TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true"
+      # TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true"
+      TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true"
 
     steps:
     - uses: actions/checkout@v5
diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-mssql-azure.dockerfile
similarity index 100%
rename from docker/docker-azure-sql-edge.dockerfile
rename to docker/docker-mssql-azure.dockerfile

From 7ab0425899a56d007aa9e714f37260533d92a722 Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Mon, 10 Nov 2025 23:34:08 +0000
Subject: [PATCH 25/27] Certificate fixes - testing

---
 .github/workflows/test.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e59af63f..d1c95e7c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,6 +28,10 @@ jobs:
       fail-fast: false
       matrix:
         engine: [ 2017, 2019, 2022, "azure" ]
+    env:
+      TIBERIUS_TEST_INSTANCE: "MSSQLSERVER"
+      # TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true"
+      TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true"
 
     steps:
     - name: Checkout repository

From ad3b79de6a2d51a6d0be9d7b56013a943e3a0b23 Mon Sep 17 00:00:00 2001
From: Eric Sheppard <github@eric.sheppard.cloud>
Date: Tue, 18 Nov 2025 16:10:37 +1100
Subject: [PATCH 26/27] update certs generation

---
 .gitignore                                   |  2 +
 docker/certs/README.md                       |  9 ---
 docker/certs/customCA.crt                    | 29 -------
 docker/certs/customCA.key                    | 54 -------------
 docker/certs/customCA.srl                    |  0
 docker/certs/generate-ca.sh                  | 16 ----
 docker/certs/generate-signed-cert.sh         |  0
 docker/certs/passphrase.txt                  |  1 -
 docker/certs/server-full.crt                 | 60 --------------
 docker/certs/server.crt                      | 31 --------
 docker/certs/server.key                      | 52 ------------
 docker/certs/server.pem                      | 83 --------------------
 docker/certs/signing-request.config.template | 20 -----
 docker/docker-mssql-2017.dockerfile          |  4 +-
 docker/docker-mssql-2019.dockerfile          |  4 +-
 docker/docker-mssql-2022.dockerfile          |  4 +-
 docker/docker-mssql-azure.dockerfile         |  4 +-
 docker/docker-mssql.conf                     |  4 +-
 generate.sh                                  |  6 ++
 tests/custom-cert.rs                         | 14 ++--
 xtask/src/main.rs                            | 41 ++++++----
 21 files changed, 51 insertions(+), 387 deletions(-)
 delete mode 100644 docker/certs/README.md
 delete mode 100644 docker/certs/customCA.crt
 delete mode 100644 docker/certs/customCA.key
 delete mode 100644 docker/certs/customCA.srl
 delete mode 100755 docker/certs/generate-ca.sh
 delete mode 100755 docker/certs/generate-signed-cert.sh
 delete mode 100755 docker/certs/passphrase.txt
 delete mode 100644 docker/certs/server-full.crt
 delete mode 100644 docker/certs/server.crt
 delete mode 100644 docker/certs/server.key
 delete mode 100644 docker/certs/server.pem
 delete mode 100755 docker/certs/signing-request.config.template
 create mode 100755 generate.sh

diff --git a/.gitignore b/.gitignore
index 147270ed..c19d2fb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ Cargo.lock
 .idea
 .direnv/
 .vscode
+mssql.crt
+mssql.key
diff --git a/docker/certs/README.md b/docker/certs/README.md
deleted file mode 100644
index 9d18788b..00000000
--- a/docker/certs/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-Certificate generation
-----------------------
-
-In order to prepare the necessary self-signed certificates run the following commands
-
-    ./generate-ca.sh
-    ./generate-signed-cert.sh server
-
-The first script creates a new signing-certificate, the second will then create new certificates with the given name, signed by the customCA.crt.
diff --git a/docker/certs/customCA.crt b/docker/certs/customCA.crt
deleted file mode 100644
index 0eff4f58..00000000
--- a/docker/certs/customCA.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE/zCCAuegAwIBAgIUATFLyERaRfsQiPasMC5l0vrBMUMwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yMjA0MDYxMjAxNDVaFw0yNzExMTQxMjAx
-NDVaMA8xDTALBgNVBAMMBEFjbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCmErbo7baWUTsGaVMBCAmEuSqzxEPJpiAWFewreWliT3tA2XAIDkSfeZwa
-yHDs1noFZN4HBTyLkxay0EHVUpTk/qIZEbGFEiYHDnX68HtFVj63tMQMjoH2itAw
-c3DHEZqt2PB03NU7iUwBoXLVSTWyVBOUFac4CobSh7h9dGRZFSweOXMETZxDt/cH
-OrzElzYPISxU/EIohiGSuTgSSEdxqVbNgYYE17D/envs84SXA8AbymbwshoEGhpj
-ljWWHXame8foh3zVyfIqSXRmMZumxeJtjl0qAkb4eq7drWAfbw8fn6I5vK+Mzo4l
-sbKugd8GAI/DvRcrg2MuDDfIGPViFeodh5dwUrL2rYA7YAqhBB/J/0pnaD83JrDZ
-u50/XBnmvFJNqp7sQdqVa4oRQJTwzJhW1eo6HuoVfjPH247LhUXoWgwqhFW+AWJB
-OTcf19ui8/ZJd258B9A6gaWcjvjEtPbJAOhVGjfKKLpLUV6B6dFZhS39P0zu6xgQ
-hIvRgf07eOtUauq+AVtIYp3vNbFmFELdLShjEGOUVjKZmll13tikvYn6w0dz07aA
-Q78r1nZUO/fcdjNpJ6td3ikPoj3AOnH9qOo6W20/6l6yo5f1Mzx/H497ym5a92IC
-v3iymhTe7S3WPi/Ga8NDSTmnw2It+tRmm48lNCPZsRKDqbP9vwIDAQABo1MwUTAd
-BgNVHQ4EFgQURHcTzm1u6x8WiXeAWDblHzwBt9kwHwYDVR0jBBgwFoAURHcTzm1u
-6x8WiXeAWDblHzwBt9kwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
-AgEACs6j0K09IYQk384RDvxgV4RfyM2K0ZQ+XadIICsYupYpDE8k4gK1q2sooxeQ
-78gOoknpcbINVTMX0EJ64JWGJF3kXODgyMp9hDQyRrFIZpUQwhFRnwYshdKrkLFM
-c4MQ4kZHc7Mah6pkE3yUXCiOJ5FuSTTneKz5nmXDcacqB2NPl5W6FUr2MFbgZTBM
-NMHyUrjh4EIAfN9X4gDSwQGihj28mpn+8bQ9MNk9kMNKzz4tBLpIbcnD/hUuRJ7r
-IKAx2ynKFA9y5RLQAfUvy7/9y4YeEMzbv1hBdbuNrzLR85nRkZ1ulZXGEbnmIYZi
-xR57aeiWBu8b2z4pkmT1Lw8dFBYYHzVWm1/JgwaAmeaXNGM/Uh/yrJ1VuxRaXvf3
-2AveaamWdbpXz9qK609CUbfmVXR+Sh2JgIDfkPftRcbiwJDAUtdOBO/4at2MDJ4L
-WikuZhttKMeRNd7KCUG5Ghy/T2XpMa6xS1927EUDN0Rv3gXcJ/qPmWFqI5xAAeh7
-ZkZ87w6XjpUaMbUlszR+EgpgD32NGfrWOPGFCipT3q+KGN0orWHlWus9l3uESf5l
-OXZzPNAwr/qlK37QETSt03Gg4s9613HJ61cmuh7B2Z4DjlhxKCM5sgOXUozOG7Ix
-uFkUxUQtrnwcemtW05tn4ycgIHWASOeQrdOubszMU5yrREE=
------END CERTIFICATE-----
diff --git a/docker/certs/customCA.key b/docker/certs/customCA.key
deleted file mode 100644
index cf0d5167..00000000
--- a/docker/certs/customCA.key
+++ /dev/null
@@ -1,54 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,3D346DDB5BD4773F
-
-Ub2rB4q5TtVC4JgcpSn6cpM+ZfMLYAmk9pL6iY004daCdLVUdxXa+yhBUUAUYUP0
-BtaYEST5nwGQcu2HZBar0pFalmyCE4p+ItlHwnZlsZeSJjyEXrOZm0GD97OQRATz
-CJ1OCF+3gjvQ+kg/gL31IQJqNhg4jBtNT83X/N2q8zDcS3ANDeI2oh0+IFknLLkM
-Aq+yZEtwqL2G1yIVc1ncKRrhgJUTwWj1nCTN3q1Tn6AmdGwhhq5SKHKPdFs20j1m
-kz8YtUtFJQWLj6iUG4ocjCE6iBdn6hl23JUTrDsTt32ufwI23Tjpq2kdCT6+7b8t
-9hP8II+eC0P+MuOC5tmdHXV6wNU3ekjmzz3Xn86LSI0ZmkCADvS/aPyfjtummgh7
-yiygF83lLR9rzpKaaJs91urtRXMVMLk9bCMgkLYfscv0Ad9gf/9YSS95Jfmwhr3B
-IveGMDzyoO9rfK6FT8O08chgTRB/ekp2UOxPsVdScUITf4jwmWW6gs/rFJsQy+Ud
-awJjTVDK3YM1QHvD9ekgOlaQs2yNXgsMP+SUm3GpZph2LRebNqzc+byLWqjP4wVT
-flNcTVxXs/wWKjJ8Q2eIQYt5IrzHY+M1nyl1aF5Q5Exmxc59FdSVLqYlq2EUjgCa
-vyMjGMfeo1UJvLPnMpE9CW2EOePoaPtfzP0V427oBU4fvOKOIxtoP+QjNlTeHV+/
-KGkd8IP1wnYR4bPnJWjnP+l5mJUTd4Ced+rWe68dKnU4w38dVnemBAXBAwGVO4O7
-L1OfAaZR/FL+C7OIUVzFg2nBtxXXZzPeLEedvD+TCQfAgoUvXaqJIBCT+MFjRHp4
-Y5KLFc6uvh8RFjNSm4u3kv9DTAcMq+z7XRpCqMO+XoBhEjJ8cvwLxcSJvpAH9gAi
-0tNE/v3V9c5nDGcJQpT+D4/NB1qqLWo7OXhoSm3HDU9KMsr2zC2RHYzbOeTOuSKv
-Ux8m6ta+djHvS7Fe26x2NTJ/ob2Oeud8RDmtVfknzsI7NGJBedOQmesk5p8E1LZm
-YIjfOtilPk8/Hp7wn/o6S47TaK2jN6laZhas7plT82si9q7CwtUm3x6LN9pRR9i0
-0AsgbrRItU6J5XMFbLhBl/Pkc0kAa/97xVoRrrr2WT9t00CmUEVKchufz4ayAR1S
-BBL5JAiGSi5rn0ukle4597ZnBgmWYyvIBQpoyno6Yo2M3g6i9yitktEklRQCd+K7
-d/WyUxi9jKQJllrqLwFA6frot9OFR8DJqbddL2g1WkYkp2hrsGPqvRXIdp61+yNJ
-iv7XA2Wvg0pjR88ztKpoP+IpT8MOo3xvnnKKbcsrVezeK8c6hEqzcY5McUq+hLF4
-G+XyLStCoeULeCtU9pSDII41JXU4OThuzyZGCx150vrpCZgp32/pEGvy6yVnJkyb
-Z+ArykmxeSar80vpstBzx97x9t65ZWb/BmrzvPOd5xG813ZXxAoICuDzKdIc4gaU
-D0rUJM0jUw0lAMz4o69tjQwNDp6sQ7khVFafF3yvEdObaHtOKMC8asYuxmczwzS2
-eo76lUE/ONA2MMjwxch1/++MCo8aGrVPuPBuEAZF1BUHxxqGElc59UzqH9cp/VIF
-p5JEtqptZlv/1UcvoNWQkStq5n91SNjQyoqs5baF1j8/cPXS1FdJ2YxDM6Dvq/1r
-jc+HWXNpaQvkXBZ6j4CW9rC3xeam6cfgC7/3fdW4CKVenrsv84fH9iqvMRi7wOfC
-07+9J8tM8DYr9LSBR42+JJj2lGjBrwxhHH9XpBW12/c4Nc+qjIoyzg6Pk35E3K+t
-Cmcrrl1dghHvjHET3j9Sy7bGAFfyde6YpA9ak9EX7GvYH4b5fIzI08gpKYDjDZTG
-WkoR+9PgLnLCMr4gzEq3VSzmIkoZ6+1320dZME9arEKgT9qjdlMs+VyJrzp6aalm
-Btmxf6k4CTqJ86Iid991ZrZzIrBBtvzYs8yboayht79HYEfUr5pF+N/bmqU99h7t
-FHk1QPwYKaIaU5Wcb7UmLfi0FLaeUErq+OhqtgXXGGu3yzw/9zrh3azcWkBGteeu
-GaE4CMLxVsu24EUPKnuG4s7o209w924lT7Wjc8I2lqFCwLgCNZ4yx6OxO4q59HK5
-cUvb3uZvrKT0CRXfkAz0cGb/4foZEfKcb2FeEpcXfkZxD6+hBOTI7ecrN5H2uU07
-tEyHl/nP/kOfVmdbjFX5FFfxqB0Dl/kj4ZQgHsKhYvY8cbGRoZLhs4ar1OGRY5pC
-PUu5/SjXbzS0dmePqUsuztkDX4x2Vcdh3tg7B5Q8wUbRRCChfPZCEhpofrlJKOku
-4JWb9NjolytICh3DoOPFhrrm5NMpq5h8mcdMNU9vBN2zd/uuaJnVarxHVKt8iPE7
-Ub4o5sg+4u3Xe3y8cASPK2SN7zxx3wrOYlsp9GcuMNqQ0XDbnYoG7ncGKt4Af10m
-Cbh1pVvGk9pSS5+XOBXfeGN5C75w4MCWICDp3i6RLW7xVgC4jE8567540bHZJWrj
-AtpIyKrEbdDfjvB+NEgoXa3db8Od0EvxTjiCSZZ98lEreXwYxidwUCjcM5ZoFcMO
-wk7AmpfGr5mk2rYc/a8/Th1MhQrSk4g56PChgostN/GGjykMvBUahDiphr/UwP+1
-GdR/etZP2RGH05VQpA2vSOwvJRg0xC0gvjkrSj+GU3GKS/OHvTX/iZ3/k6Af8WBK
-LG/SQVDqNdEhT5va7VaiLMJzs71sVY/uGv17iMrq+1ZTLWUt9ZSe8d7/tCrubwsh
-8Bg9L616rRy57fh2GMcgcSXMfBBK1f7954xSc4FF1M6q8HT3yT/JmJvRl0p5EB9n
-3GYzafI2CqmV1OUPd00LCBhHxybmrG/x3W9wCcampfcpgbvg9p1oqxjHaz7iRgyP
-OuI8M9oZVjMhLG17R+hm6+Gsd1CLFEyKF7QL/+HJXiY+R4uCZi45L3jqDPBtwAXN
-HoCZg39AnM0ZF4F1Qi2DFytswpAFWYAxjXwtXzcPPBbB5h05E1XEjV+qNCVlVosN
-Oh0N6mrguYbbP2ZGUU9+upFFxUiCbl0PRB+zpqqqc+GFzw/SsPsn1poUYLhyjR2F
-YF2SEm4h0lrsIz1EU8//KTQ+6EOwhXQVslsm43xoQYitTjyPgSlorqQeHHl7L4ju
------END RSA PRIVATE KEY-----
diff --git a/docker/certs/customCA.srl b/docker/certs/customCA.srl
deleted file mode 100644
index e69de29b..00000000
diff --git a/docker/certs/generate-ca.sh b/docker/certs/generate-ca.sh
deleted file mode 100755
index 828c34a8..00000000
--- a/docker/certs/generate-ca.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-
-if ! test -f "customCA.crt"; then
-  echo Generating Key
-  openssl genrsa -des3 -passout file:passphrase.txt -out customCA.key 4096
-  echo Generating CA-Cert
-  openssl req -x509 -new -nodes \
-    -key customCA.key \
-    -sha256 -days 2048 \
-    -subj "/CN=Acme" \
-    -passin file:passphrase.txt \
-    -out customCA.crt
-fi;
\ No newline at end of file
diff --git a/docker/certs/generate-signed-cert.sh b/docker/certs/generate-signed-cert.sh
deleted file mode 100755
index e69de29b..00000000
diff --git a/docker/certs/passphrase.txt b/docker/certs/passphrase.txt
deleted file mode 100755
index 26c02c06..00000000
--- a/docker/certs/passphrase.txt
+++ /dev/null
@@ -1 +0,0 @@
-4711
\ No newline at end of file
diff --git a/docker/certs/server-full.crt b/docker/certs/server-full.crt
deleted file mode 100644
index 31ceafd7..00000000
--- a/docker/certs/server-full.crt
+++ /dev/null
@@ -1,60 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw
-MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl
-cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w
-iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v
-qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J
-e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN
-/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU
-X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr
-nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT
-xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb
-9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F
-Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M
-0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw
-FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU
-RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V
-aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j
-o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u
-MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E
-c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD
-KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz
-x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1
-tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL
-Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves
-7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq
-zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg
-HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIE/zCCAuegAwIBAgIUATFLyERaRfsQiPasMC5l0vrBMUMwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yMjA0MDYxMjAxNDVaFw0yNzExMTQxMjAx
-NDVaMA8xDTALBgNVBAMMBEFjbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCmErbo7baWUTsGaVMBCAmEuSqzxEPJpiAWFewreWliT3tA2XAIDkSfeZwa
-yHDs1noFZN4HBTyLkxay0EHVUpTk/qIZEbGFEiYHDnX68HtFVj63tMQMjoH2itAw
-c3DHEZqt2PB03NU7iUwBoXLVSTWyVBOUFac4CobSh7h9dGRZFSweOXMETZxDt/cH
-OrzElzYPISxU/EIohiGSuTgSSEdxqVbNgYYE17D/envs84SXA8AbymbwshoEGhpj
-ljWWHXame8foh3zVyfIqSXRmMZumxeJtjl0qAkb4eq7drWAfbw8fn6I5vK+Mzo4l
-sbKugd8GAI/DvRcrg2MuDDfIGPViFeodh5dwUrL2rYA7YAqhBB/J/0pnaD83JrDZ
-u50/XBnmvFJNqp7sQdqVa4oRQJTwzJhW1eo6HuoVfjPH247LhUXoWgwqhFW+AWJB
-OTcf19ui8/ZJd258B9A6gaWcjvjEtPbJAOhVGjfKKLpLUV6B6dFZhS39P0zu6xgQ
-hIvRgf07eOtUauq+AVtIYp3vNbFmFELdLShjEGOUVjKZmll13tikvYn6w0dz07aA
-Q78r1nZUO/fcdjNpJ6td3ikPoj3AOnH9qOo6W20/6l6yo5f1Mzx/H497ym5a92IC
-v3iymhTe7S3WPi/Ga8NDSTmnw2It+tRmm48lNCPZsRKDqbP9vwIDAQABo1MwUTAd
-BgNVHQ4EFgQURHcTzm1u6x8WiXeAWDblHzwBt9kwHwYDVR0jBBgwFoAURHcTzm1u
-6x8WiXeAWDblHzwBt9kwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
-AgEACs6j0K09IYQk384RDvxgV4RfyM2K0ZQ+XadIICsYupYpDE8k4gK1q2sooxeQ
-78gOoknpcbINVTMX0EJ64JWGJF3kXODgyMp9hDQyRrFIZpUQwhFRnwYshdKrkLFM
-c4MQ4kZHc7Mah6pkE3yUXCiOJ5FuSTTneKz5nmXDcacqB2NPl5W6FUr2MFbgZTBM
-NMHyUrjh4EIAfN9X4gDSwQGihj28mpn+8bQ9MNk9kMNKzz4tBLpIbcnD/hUuRJ7r
-IKAx2ynKFA9y5RLQAfUvy7/9y4YeEMzbv1hBdbuNrzLR85nRkZ1ulZXGEbnmIYZi
-xR57aeiWBu8b2z4pkmT1Lw8dFBYYHzVWm1/JgwaAmeaXNGM/Uh/yrJ1VuxRaXvf3
-2AveaamWdbpXz9qK609CUbfmVXR+Sh2JgIDfkPftRcbiwJDAUtdOBO/4at2MDJ4L
-WikuZhttKMeRNd7KCUG5Ghy/T2XpMa6xS1927EUDN0Rv3gXcJ/qPmWFqI5xAAeh7
-ZkZ87w6XjpUaMbUlszR+EgpgD32NGfrWOPGFCipT3q+KGN0orWHlWus9l3uESf5l
-OXZzPNAwr/qlK37QETSt03Gg4s9613HJ61cmuh7B2Z4DjlhxKCM5sgOXUozOG7Ix
-uFkUxUQtrnwcemtW05tn4ycgIHWASOeQrdOubszMU5yrREE=
------END CERTIFICATE-----
diff --git a/docker/certs/server.crt b/docker/certs/server.crt
deleted file mode 100644
index 95e4d43e..00000000
--- a/docker/certs/server.crt
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw
-MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl
-cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w
-iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v
-qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J
-e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN
-/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU
-X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr
-nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT
-xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb
-9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F
-Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M
-0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw
-FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU
-RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V
-aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j
-o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u
-MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E
-c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD
-KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz
-x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1
-tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL
-Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves
-7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq
-zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg
-HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e
------END CERTIFICATE-----
diff --git a/docker/certs/server.key b/docker/certs/server.key
deleted file mode 100644
index 7e60bb02..00000000
--- a/docker/certs/server.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx
-o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2
-CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ
-CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz
-M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8
-AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA
-OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB
-oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS
-10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr
-cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb
-AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR
-p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd
-ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh
-Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD
-XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS
-AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y
-ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE
-9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0
-rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3
-dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2
-o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE
-QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+
-HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf
-SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K
-RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y
-AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw
-y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I
-Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT
-jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ
-lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK
-A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ
-Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg
-AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME
-J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX
-cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz
-rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt
-uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj
-84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J
-0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn
-DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv
-udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt
-qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI
-P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht
-0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j
-AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK
-lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp
-l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY
-6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7
-H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf
-Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw==
------END PRIVATE KEY-----
diff --git a/docker/certs/server.pem b/docker/certs/server.pem
deleted file mode 100644
index 7acbb192..00000000
--- a/docker/certs/server.pem
+++ /dev/null
@@ -1,83 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx
-o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2
-CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ
-CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz
-M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8
-AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA
-OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB
-oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS
-10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr
-cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb
-AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR
-p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd
-ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh
-Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD
-XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS
-AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y
-ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE
-9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0
-rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3
-dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2
-o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE
-QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+
-HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf
-SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K
-RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y
-AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw
-y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I
-Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT
-jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ
-lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK
-A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ
-Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg
-AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME
-J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX
-cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz
-rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt
-uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj
-84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J
-0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn
-DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv
-udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt
-qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI
-P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht
-0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j
-AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK
-lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp
-l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY
-6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7
-H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf
-Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw==
------END PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw
-MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl
-cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w
-iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v
-qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J
-e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN
-/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU
-X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr
-nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT
-xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb
-9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F
-Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M
-0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw
-FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU
-RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V
-aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j
-o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u
-MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E
-c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD
-KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz
-x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1
-tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL
-Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves
-7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq
-zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg
-HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e
------END CERTIFICATE-----
diff --git a/docker/certs/signing-request.config.template b/docker/certs/signing-request.config.template
deleted file mode 100755
index 5fc6540e..00000000
--- a/docker/certs/signing-request.config.template
+++ /dev/null
@@ -1,20 +0,0 @@
-[ req ]
-prompt = no
-utf8 = yes
-default_bits = 4096
-distinguished_name = req_distinguished_name
-
-req_extensions = v3_req
-
-[ req_distinguished_name ]
-C=DE
-O=Acme
-OU=Tiberius
-CN=$CERT_CN
-
-[ v3_req ]
-subjectAltName = @alt_names
-extendedKeyUsage = serverAuth, clientAuth
-
-[alt_names]
-DNS.1 = localhost
diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile
index 03cc829b..cbb318af 100644
--- a/docker/docker-mssql-2017.dockerfile
+++ b/docker/docker-mssql-2017.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2017-latest
 
-COPY --chmod=440 docker/certs/server.* /certs/
-COPY --chmod=440 docker/certs/customCA.* /certs/
+COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt
+COPY --chmod=440 mssql.key /var/opt/mssql/server.key
 COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile
index e620444e..4e178c20 100644
--- a/docker/docker-mssql-2019.dockerfile
+++ b/docker/docker-mssql-2019.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2019-latest
 
-COPY --chmod=440 docker/certs/server.* /certs/
-COPY --chmod=440 docker/certs/customCA.* /certs/
+COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt
+COPY --chmod=440 mssql.key /var/opt/mssql/server.key
 COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile
index ec89802b..480f1825 100644
--- a/docker/docker-mssql-2022.dockerfile
+++ b/docker/docker-mssql-2022.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/mssql/server:2022-latest
 
-COPY --chmod=444 docker/certs/server.* /certs/
-COPY --chmod=444 docker/certs/customCA.* /certs/
+COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt
+COPY --chmod=440 mssql.key /var/opt/mssql/server.key
 COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql-azure.dockerfile b/docker/docker-mssql-azure.dockerfile
index 501a31f2..d6ce3ce6 100644
--- a/docker/docker-mssql-azure.dockerfile
+++ b/docker/docker-mssql-azure.dockerfile
@@ -1,5 +1,5 @@
 FROM mcr.microsoft.com/azure-sql-edge:latest
 
-COPY --chmod=440 docker/certs/server.* /certs/
-COPY --chmod=440 docker/certs/customCA.* /certs/
+COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt
+COPY --chmod=440 mssql.key /var/opt/mssql/server.key
 COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf
\ No newline at end of file
diff --git a/docker/docker-mssql.conf b/docker/docker-mssql.conf
index ae86be59..aa83f996 100644
--- a/docker/docker-mssql.conf
+++ b/docker/docker-mssql.conf
@@ -1,5 +1,5 @@
 [network]
-tlscert = docker/certs/server.crt
-tlskey = docker/certs/server.key
+tlscert = /var/opt/mssql/server.crt
+tlskey = /var/opt/mssql/server.key
 tlsprotocols = 1.2
 forceencryption = 0
diff --git a/generate.sh b/generate.sh
new file mode 100755
index 00000000..6e3eb52b
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+openssl req -x509 -newkey rsa:4096 -keyout mssql.key -out mssql.crt -sha256 -nodes -days 3650 -subj /CN=tiberius -addext subjectAltName=DNS:localhost
\ No newline at end of file
diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs
index 8aeed94e..d6b7cce0 100644
--- a/tests/custom-cert.rs
+++ b/tests/custom-cert.rs
@@ -21,11 +21,11 @@ fn connect_to_custom_cert_instance_ado() -> Result<()> {
     let rt = Runtime::new()?;
 
     rt.block_on(async {
-        let mut config = Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=docker/certs/customCA.crt")?;
-        config.authentication(AuthMethod::sql_server(
-            "sa",
-            "<YourStrong@Passw0rd>",
-        ));
+        let mut config = Config::from_ado_string(
+            "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=mssql.crt",
+        )?;
+        config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
+        // config.trust_cert_ca("mssql.crt");
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
 
@@ -59,9 +59,10 @@ fn connect_to_custom_cert_instance_jdbc() -> Result<()> {
     rt.block_on(async {
         // Careful: the / in the TrustServerCertificateCA needs to be escaped
         let mut config = Config::from_jdbc_string(
-            "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=docker{/}certs{/}customCA.crt",
+            "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=mssql.crt",
         )?;
         config.authentication(AuthMethod::sql_server("sa", "<YourStrong@Passw0rd>"));
+        // config.trust_cert_ca("mssql.crt");
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
 
@@ -93,6 +94,7 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> {
         config.encryption(EncryptionLevel::On);
         config.host("localhost");
         config.port(1433);
+        // config.trust_cert_ca("mssql.crt");
 
         let tcp = TcpStream::connect(config.get_addr()).await?;
 
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index 6aafea43..13b82f49 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -9,6 +9,8 @@ fn main() {
     let mut args = env::args().skip(1);
     let cmd = args.next().unwrap_or_default();
 
+    let container_engine = env::var("CONTAINER_ENGINE").unwrap_or_else(|_| "docker".to_string());
+
     match cmd.as_str() {
         "container" => {
             // need to change unwrap_or_else in document
@@ -16,7 +18,7 @@ fn main() {
 
             // doesn't run tests
             let version = args.next().unwrap_or_else(|| "2019".into());
-            start_container(&version);
+            start_container(&version, &container_engine);
         }
         "test" => {
             // run the tests
@@ -25,15 +27,15 @@ fn main() {
         "local" => {
             // local runs test AND container
             let version = args.next().unwrap_or_else(|| "2019".into());
-            start_container(&version);
+            start_container(&version, &container_engine);
             // start_container calls wait_for_sql anyway
             run_tests(args.collect::<Vec<_>>());
-            stop_container(&version);
+            stop_container(&version, &container_engine);
         }
         "stop" => {
             // stops running containers
             let version = args.next().unwrap_or_else(|| "2019".into());
-            stop_container(&version);
+            stop_container(&version, &container_engine);
         }
         _ => {
             exit(1);
@@ -41,7 +43,13 @@ fn main() {
     }
 }
 
-fn start_container(version: &str) {
+fn start_container(version: &str, container_engine: &str) {
+    Command::new("bash")
+        .arg("-c")
+        .arg("./generate.sh")
+        .status()
+        .unwrap();
+
     let sa_password =
         env::var("SA_PASSWORD").unwrap_or_else(|_| "<YourStrong@Passw0rd>".to_string());
     let container_name = format!("mssql-{}", version);
@@ -51,17 +59,14 @@ fn start_container(version: &str) {
 
     println!("Cleaning up existing container, {}", container_name);
 
-    let _ = Command::new("docker")
+    Command::new(container_engine)
         .args(["rm", "-f", &container_name])
-        .status();
-
-    let _ = Command::new("docker")
-        .args(["", "", &container_name])
-        .status();
+        .status()
+        .unwrap();
 
     println!("Building image {} from {}...", image_tag, dockerfile);
 
-    let status = Command::new("docker")
+    let status = Command::new(container_engine)
         .args(["build", "-f", &dockerfile, "-t", &image_tag, "."])
         .status()
         .expect("Failed to build docker image");
@@ -73,7 +78,7 @@ fn start_container(version: &str) {
 
     println!("Starting SQL Server {} container...", version);
 
-    let status = Command::new("docker")
+    let status = Command::new(container_engine)
         .args([
             "run",
             "-d",
@@ -82,7 +87,9 @@ fn start_container(version: &str) {
             "-e",
             "ACCEPT_EULA=Y",
             "-e",
-            &format!("SA_PASSWORD={}", sa_password),
+            &format!("MSSQL_SA_PASSWORD={}", sa_password),
+            "-e",
+            "MSSQL_PID=Developer",
             "-p",
             "1433:1433",
             &image_tag,
@@ -104,9 +111,11 @@ fn wait_for_sql() {
     sleep(Duration::from_secs(25));
 }
 
-fn stop_container(version: &str) {
+fn stop_container(version: &str, container_engine: &str) {
     let name = format!("mssql-{}", version);
-    let _ = Command::new("docker").args(["rm", "-f", &name]).status();
+    let _ = Command::new(container_engine)
+        .args(["rm", "-f", &name])
+        .status();
     println!("Stopped container {}", name);
 }
 

From d3e3a1919f4f1ba49004b75eb09596b829af748b Mon Sep 17 00:00:00 2001
From: Jonty Leslie <jontyleslie@gmail.com>
Date: Tue, 13 Jan 2026 06:08:53 +0000
Subject: [PATCH 27/27] Removed extras

---
 Cargo.toml                    | 33 +---------------
 README.md                     |  5 +--
 examples/async-std.rs         | 50 ------------------------
 runtimes-macro/src/lib.rs     | 17 ---------
 src/client.rs                 |  2 -
 src/client/config.rs          | 16 ++------
 src/client/connection.rs      | 20 +++-------
 src/client/tls.rs             | 36 +++++-------------
 src/client/tls_stream.rs      | 42 ++------------------
 src/error.rs                  | 14 -------
 src/lib.rs                    | 71 +++++-----------------------------
 src/sql_browser.rs            |  4 --
 src/sql_browser/async_std.rs  | 72 -----------------------------------
 tests/named-instance-async.rs | 44 ---------------------
 tests/query.rs                |  4 +-
 15 files changed, 36 insertions(+), 394 deletions(-)
 delete mode 100644 examples/async-std.rs
 delete mode 100644 src/sql_browser/async_std.rs
 delete mode 100644 tests/named-instance-async.rs

diff --git a/Cargo.toml b/Cargo.toml
index cf01c175..e77ca309 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,11 +22,6 @@ members = ["runtimes-macro", "xtask"]
 path = "tests/query.rs"
 name = "query"
 
-[[test]]
-path = "tests/named-instance-async.rs"
-name = "named-instance-async"
-required-features = ["sql-browser-async-std"]
-
 [[test]]
 path = "tests/named-instance-tokio.rs"
 name = "named-instance-tokio"
@@ -58,11 +53,6 @@ winauth = { version = "0.0.4", optional = true }
 [target.'cfg(unix)'.dependencies]
 libgssapi = { version = "0.8.1", optional = true, default-features = false }
 
-[dependencies.async-native-tls]
-version = "0.4"
-features = ["runtime-async-std"]
-optional = true
-
 [dependencies.tokio]
 version = "1.0"
 optional = true
@@ -73,11 +63,6 @@ version = "0.7"
 features = ["compat"]
 optional = true
 
-[dependencies.async-std]
-version = "1"
-optional = true
-features = ["attributes"]
-
 [dependencies.chrono]
 version = "0.4"
 optional = true
@@ -130,11 +115,6 @@ optional = true
 version = "0.6"
 optional = true
 
-[dependencies.opentls]
-version = "0.2.1"
-optional = true
-features = ["io-async-std", "vendored"]
-
 [dev-dependencies.uuid]
 version = "1.0"
 features = ["v4"]
@@ -155,10 +135,6 @@ features = [
 ]
 version = "1.0"
 
-[dev-dependencies.async-std]
-features = ["attributes"]
-version = "1"
-
 [dev-dependencies.runtimes-macro]
 path = "./runtimes-macro"
 
@@ -183,22 +159,17 @@ all = [
     "chrono",
     "time",
     "tds73",
-    "sql-browser-async-std",
     "sql-browser-tokio",
-    "sql-browser-smol",
     "integrated-auth-gssapi",
     "rust_decimal",
     "bigdecimal",
-    "native-tls",
+    "rustls",
 ]
-default = ["tds73", "winauth", "native-tls"]
+default = ["tds73", "winauth", "rustls"]
 tds73 = []
 docs = []
-sql-browser-async-std = ["async-std"]
 sql-browser-tokio = ["tokio", "tokio-util"]
 sql-browser-smol = ["async-io", "async-net", "futures-lite"]
 integrated-auth-gssapi = ["libgssapi"]
 bigdecimal = ["bigdecimal_"]
 rustls = ["tokio-rustls", "tokio-util", "rustls-pemfile", "rustls-native-certs"]
-native-tls = ["async-native-tls"]
-vendored-openssl = ["opentls"]
diff --git a/README.md b/README.md
index 11998e5d..3de72d3b 100644
--- a/README.md
+++ b/README.md
@@ -43,8 +43,7 @@ A native Microsoft SQL Server (TDS) client for Rust.
 | `chrono`                 | Read and write date and time values using `chrono`'s types. (for greenfield, using time instead of chrono is recommended)        | `disabled` |
 | `time`                   | Read and write date and time values using `time` crate types.                                                                    | `disabled` |
 | `rust_decimal`           | Read and write `numeric`/`decimal` values using `rust_decimal`'s `Decimal`.                                                      | `disabled` |
-| `bigdecimal`             | Read and write `numeric`/`decimal` values using `bigdecimal`'s `BigDecimal`.                                                     | `disabled` |
-| `sql-browser-async-std`  | SQL Browser implementation for the `TcpStream` of async-std.                                                                     | `disabled` |
+| `bigdecimal`             | Read and write `numeric`/`decimal` values using `bigdecimal`'s `BigDecimal`.                                                     | `disabled` |                                                                 | `disabled` |
 | `sql-browser-tokio`      | SQL Browser implementation for the `TcpStream` of Tokio.                                                                         | `disabled` |
 | `sql-browser-smol`       | SQL Browser implementation for the `TcpStream` of smol.                                                                          | `disabled` |
 | `integrated-auth-gssapi` | Support for using Integrated Auth via GSSAPI                                                                                     | `disabled` |
@@ -53,7 +52,7 @@ A native Microsoft SQL Server (TDS) client for Rust.
 
 Tiberius does not rely on any protocol when connecting to an SQL Server instance. Instead the `Client` takes a socket that implements the `AsyncRead` and `AsyncWrite` traits from the [futures-rs](https://crates.io/crates/futures) crate.
 
-Currently there are good async implementations for TCP in the [async-std](https://crates.io/crates/async-std), [Tokio](https://crates.io/crates/tokio) and [Smol](https://crates.io/crates/smol) projects.
+Currently there are good async implementations for TCP in the [Tokio](https://crates.io/crates/tokio) and [Smol](https://crates.io/crates/smol) projects.
 
 To be able to use them together with Tiberius on Windows platforms with SQL Server, you should make sure that the TCP protocol is enabled, as depending on the edition, this may not be the case. Standard and Enterprise editions will have the setting enabled by default, whereas Developer, Express editions and the Windows Internal Database feature of the Windows Server OS don't.
 To enable the TCP/IP protocol you may want to use  the [server settings](https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-or-disable-a-server-network-protocol) the [command line](https://docs.microsoft.com/en-us/sql/powershell/how-to-enable-tcp-sqlps).
diff --git a/examples/async-std.rs b/examples/async-std.rs
deleted file mode 100644
index 88fcf1c8..00000000
--- a/examples/async-std.rs
+++ /dev/null
@@ -1,50 +0,0 @@
-use async_std::net::TcpStream;
-use once_cell::sync::Lazy;
-use std::env;
-use tiberius::{Client, Config};
-
-static CONN_STR: Lazy<String> = Lazy::new(|| {
-    env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
-        "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true".to_owned()
-    })
-});
-
-#[cfg(not(all(windows, feature = "sql-browser-async-std")))]
-#[async_std::main]
-async fn main() -> anyhow::Result<()> {
-    let config = Config::from_ado_string(&CONN_STR)?;
-
-    let tcp = TcpStream::connect(config.get_addr()).await?;
-    tcp.set_nodelay(true)?;
-
-    let mut client = Client::connect(config, tcp).await?;
-
-    let stream = client.query("SELECT @P1", &[&1i32]).await?;
-    let row = stream.into_row().await?.unwrap();
-
-    println!("{:?}", row);
-    assert_eq!(Some(1), row.get(0));
-
-    Ok(())
-}
-
-#[cfg(all(windows, feature = "sql-browser-async-std"))]
-#[async_std::main]
-async fn main() -> anyhow::Result<()> {
-    use tiberius::SqlBrowser;
-
-    let config = Config::from_ado_string(&CONN_STR)?;
-
-    let tcp = TcpStream::connect_named(&config).await?;
-    tcp.set_nodelay(true)?;
-
-    let mut client = Client::connect(config, tcp).await?;
-
-    let stream = client.query("SELECT @P1", &[&1i32]).await?;
-    let row = stream.into_row().await?.unwrap();
-
-    println!("{:?}", row);
-    assert_eq!(Some(1), row.get(0));
-
-    Ok(())
-}
diff --git a/runtimes-macro/src/lib.rs b/runtimes-macro/src/lib.rs
index cc1d2cab..61cb6b4e 100644
--- a/runtimes-macro/src/lib.rs
+++ b/runtimes-macro/src/lib.rs
@@ -29,28 +29,11 @@ pub fn test_on_runtimes(
         proc_macro2::Ident::new(&conn_str_ident_str, proc_macro2::Span::call_site());
 
     let func_name = func.sig.ident.clone();
-    let async_std_test = quote::format_ident!("{}_{}", func_name, "async_std");
     let tokio_test = quote::format_ident!("{}_{}", func_name, "tokio");
 
     let tokens = quote::quote! {
         #func
 
-        #[test]
-        fn #async_std_test()-> Result<()> {
-            LOGGER_SETUP.call_once(|| {
-                env_logger::init();
-            });
-            async_std::task::block_on(async {
-                let config = tiberius::Config::from_ado_string(&#conn_str_ident)?;
-                let tcp = async_std::net::TcpStream::connect(config.get_addr()).await?;
-                tcp.set_nodelay(true)?;
-                let mut client = tiberius::Client::connect(config, tcp).await?;
-
-                #func_name(client).await?;
-                Ok(())
-            })
-        }
-
         #[test]
         fn #tokio_test()-> Result<()> {
             LOGGER_SETUP.call_once(|| {
diff --git a/src/client.rs b/src/client.rs
index 688721d1..2eb27355 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -5,8 +5,6 @@ mod connection;
 mod tls;
 #[cfg(any(
     feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
 ))]
 mod tls_stream;
 
diff --git a/src/client/config.rs b/src/client/config.rs
index fff68bc1..34a04e1b 100644
--- a/src/client/config.rs
+++ b/src/client/config.rs
@@ -51,15 +51,11 @@ impl Default for Config {
             instance_name: None,
             application_name: None,
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             encryption: EncryptionLevel::Required,
             #[cfg(not(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             )))]
             encryption: EncryptionLevel::NotSupported,
             trust: TrustConfig::Default,
@@ -347,9 +343,7 @@ pub(crate) trait ConfigString {
     }
 
     #[cfg(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     ))]
     fn encrypt(&self) -> crate::Result<EncryptionLevel> {
         self.dict()
@@ -364,9 +358,7 @@ pub(crate) trait ConfigString {
     }
 
     #[cfg(not(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     )))]
     fn encrypt(&self) -> crate::Result<EncryptionLevel> {
         Ok(EncryptionLevel::NotSupported)
diff --git a/src/client/connection.rs b/src/client/connection.rs
index 6b9c1b96..490d454c 100644
--- a/src/client/connection.rs
+++ b/src/client/connection.rs
@@ -1,7 +1,5 @@
 #[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
+    feature = "rustls"
 ))]
 use crate::client::{tls::TlsPreloginWrapper, tls_stream::create_tls_stream};
 use crate::{
@@ -127,9 +125,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> Connection<S> {
     }
 
     #[cfg(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     ))]
     fn post_login_encryption(mut self, encryption: EncryptionLevel) -> Self {
         if let EncryptionLevel::Off = encryption {
@@ -147,9 +143,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> Connection<S> {
     }
 
     #[cfg(not(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     )))]
     fn post_login_encryption(self, _: EncryptionLevel) -> Self {
         self
@@ -435,9 +429,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> Connection<S> {
 
     /// Implements the TLS handshake with the SQL Server.
     #[cfg(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     ))]
     async fn tls_handshake(
         self,
@@ -480,9 +472,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> Connection<S> {
 
     /// Implements the TLS handshake with the SQL Server.
     #[cfg(not(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     )))]
     async fn tls_handshake(self, _: &Config, _: EncryptionLevel) -> crate::Result<Self> {
         event!(
diff --git a/src/client/tls.rs b/src/client/tls.rs
index b3425c97..8b779263 100644
--- a/src/client/tls.rs
+++ b/src/client/tls.rs
@@ -1,7 +1,5 @@
 #[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
+    feature = "rustls"
 ))]
 use super::tls_stream::TlsStream;
 use crate::tds::{
@@ -22,26 +20,20 @@ use tracing::{event, Level};
 pub(crate) enum MaybeTlsStream<S: AsyncRead + AsyncWrite + Unpin + Send> {
     Raw(S),
     #[cfg(any(
-        feature = "rustls",
-        feature = "native-tls",
-        feature = "vendored-openssl"
+        feature = "rustls"
     ))]
     Tls(TlsStream<TlsPreloginWrapper<S>>),
 }
 
 #[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
+    feature = "rustls"
 ))]
 impl<S: AsyncRead + AsyncWrite + Unpin + Send> MaybeTlsStream<S> {
     pub fn into_inner(self) -> S {
         match self {
             Self::Raw(s) => s,
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             Self::Tls(mut tls) => tls.get_mut().stream.take().unwrap(),
         }
@@ -57,9 +49,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> AsyncRead for MaybeTlsStream<S> {
         match self.get_mut() {
             MaybeTlsStream::Raw(s) => Pin::new(s).poll_read(cx, buf),
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             MaybeTlsStream::Tls(s) => Pin::new(s).poll_read(cx, buf),
         }
@@ -75,9 +65,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> AsyncWrite for MaybeTlsStream<S>
         match self.get_mut() {
             MaybeTlsStream::Raw(s) => Pin::new(s).poll_write(cx, buf),
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             MaybeTlsStream::Tls(s) => Pin::new(s).poll_write(cx, buf),
         }
@@ -87,9 +75,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> AsyncWrite for MaybeTlsStream<S>
         match self.get_mut() {
             MaybeTlsStream::Raw(s) => Pin::new(s).poll_flush(cx),
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             MaybeTlsStream::Tls(s) => Pin::new(s).poll_flush(cx),
         }
@@ -99,9 +85,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send> AsyncWrite for MaybeTlsStream<S>
         match self.get_mut() {
             MaybeTlsStream::Raw(s) => Pin::new(s).poll_close(cx),
             #[cfg(any(
-                feature = "rustls",
-                feature = "native-tls",
-                feature = "vendored-openssl"
+                feature = "rustls"
             ))]
             MaybeTlsStream::Tls(s) => Pin::new(s).poll_close(cx),
         }
@@ -127,9 +111,7 @@ pub(crate) struct TlsPreloginWrapper<S> {
 }
 
 #[cfg(any(
-    feature = "rustls",
-    feature = "native-tls",
-    feature = "vendored-openssl"
+    feature = "rustls"
 ))]
 impl<S> TlsPreloginWrapper<S> {
     pub fn new(stream: S) -> Self {
diff --git a/src/client/tls_stream.rs b/src/client/tls_stream.rs
index 5863d8db..c7b698ef 100644
--- a/src/client/tls_stream.rs
+++ b/src/client/tls_stream.rs
@@ -1,52 +1,16 @@
 use crate::Config;
 use futures_util::io::{AsyncRead, AsyncWrite};
 
-#[cfg(feature = "native-tls")]
-mod native_tls_stream;
-
 #[cfg(feature = "rustls")]
 mod rustls_tls_stream;
 
-#[cfg(feature = "vendored-openssl")]
-mod opentls_tls_stream;
-
-#[cfg(feature = "native-tls")]
-pub(crate) use native_tls_stream::TlsStream;
-
-#[cfg(all(feature = "rustls", not(feature = "native-tls")))]
+#[cfg(feature = "rustls")]
 pub(crate) use rustls_tls_stream::TlsStream;
 
-#[cfg(all(
-    feature = "vendored-openssl",
-    not(feature = "rustls"),
-    not(feature = "native-tls")
-))]
-pub(crate) use opentls_tls_stream::TlsStream;
-
-#[cfg(all(feature = "rustls", not(feature = "native-tls")))]
+#[cfg(all(feature = "rustls"))]
 pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
     config: &Config,
     stream: S,
 ) -> crate::Result<TlsStream<S>> {
     TlsStream::new(config, stream).await
-}
-
-#[cfg(feature = "native-tls")]
-pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
-    config: &Config,
-    stream: S,
-) -> crate::Result<TlsStream<S>> {
-    native_tls_stream::create_tls_stream(config, stream).await
-}
-
-#[cfg(all(
-    feature = "vendored-openssl",
-    not(feature = "rustls"),
-    not(feature = "native-tls")
-))]
-pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>(
-    config: &Config,
-    stream: S,
-) -> crate::Result<TlsStream<S>> {
-    opentls_tls_stream::create_tls_stream(config, stream).await
-}
+}
\ No newline at end of file
diff --git a/src/error.rs b/src/error.rs
index 98bf01b5..f7030863 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -87,20 +87,6 @@ impl From<uuid::Error> for Error {
     }
 }
 
-#[cfg(feature = "native-tls")]
-impl From<async_native_tls::Error> for Error {
-    fn from(v: async_native_tls::Error) -> Self {
-        Error::Tls(format!("{}", v))
-    }
-}
-
-#[cfg(feature = "vendored-openssl")]
-impl From<opentls::Error> for Error {
-    fn from(v: opentls::Error) -> Self {
-        Error::Tls(format!("{}", v))
-    }
-}
-
 impl From<Infallible> for Error {
     fn from(_: Infallible) -> Self {
         unreachable!()
diff --git a/src/lib.rs b/src/lib.rs
index 1115a5e2..325ef3df 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,62 +1,9 @@
 //! An asynchronous, runtime-independent, pure-rust Tabular Data Stream (TDS)
 //! implementation for Microsoft SQL Server.
 //!
-//! # Connecting with async-std
-//!
 //! Being not bound to any single runtime, a `TcpStream` must be created
 //! separately and injected to the [`Client`].
 //!
-//! ```no_run
-//! use tiberius::{Client, Config, Query, AuthMethod};
-//! use async_std::net::TcpStream;
-//!
-//! #[async_std::main]
-//! async fn main() -> anyhow::Result<()> {
-//!     // Using the builder method to construct the options.
-//!     let mut config = Config::new();
-//!
-//!     config.host("localhost");
-//!     config.port(1433);
-//!
-//!     // Using SQL Server authentication.
-//!     config.authentication(AuthMethod::sql_server("SA", "<YourStrong@Passw0rd>"));
-//!
-//!     // on production, it is not a good idea to do this
-//!     config.trust_cert();
-//!
-//!     // Taking the address from the configuration, using async-std's
-//!     // TcpStream to connect to the server.
-//!     let tcp = TcpStream::connect(config.get_addr()).await?;
-//!
-//!     // We'll disable the Nagle algorithm. Buffering is handled
-//!     // internally with a `Sink`.
-//!     tcp.set_nodelay(true)?;
-//!
-//!     // Handling TLS, login and other details related to the SQL Server.
-//!     let mut client = Client::connect(config, tcp).await?;
-//!
-//!     // Constructing a query object with one parameter annotated with `@P1`.
-//!     // This requires us to bind a parameter that will then be used in
-//!     // the statement.
-//!     let mut select = Query::new("SELECT @P1");
-//!     select.bind(-4i32);
-//!
-//!     // A response to a query is a stream of data, that must be
-//!     // polled to the end before querying again. Using streams allows
-//!     // fetching data in an asynchronous manner, if needed.
-//!     let stream = select.query(&mut client).await?;
-//!
-//!     // In this case, we know we have only one query, returning one row
-//!     // and one column, so calling `into_row` will consume the stream
-//!     // and return us the first row of the first result.
-//!     let row = stream.into_row().await?;
-//!
-//!     assert_eq!(Some(-4i32), row.unwrap().get(0));
-//!
-//!     Ok(())
-//! }
-//! ```
-//!
 //! # Connecting with Tokio
 //!
 //! Tokio is using their own version of `AsyncRead` and `AsyncWrite` traits,
@@ -180,22 +127,22 @@
 //!
 //! On Windows platforms, connecting to the SQL Server might require going through
 //! the SQL Browser service to get the correct port for the named instance. This
-//! feature requires either the `sql-browser-async-std` or `sql-browser-tokio` feature
+//! feature requires the `sql-browser-tokio` feature
 //! flag to be enabled and has a bit different way of connecting:
 //!
 //! ```no_run
-//! # #[cfg(any(feature = "sql-browser-async-std", feature = "sql-browser-tokio"))]
+//! # #[cfg(feature = "sql-browser-tokio")]
 //! use tiberius::{Client, Config, AuthMethod};
-//! # #[cfg(any(feature = "sql-browser-async-std", feature = "sql-browser-tokio"))]
-//! use async_std::net::TcpStream;
+//! # #[cfg(feature = "sql-browser-tokio")]
+//! use tokio::net::TcpStream;
 //!
 //! // An extra trait that allows connecting to a named instance with the given
 //! // `TcpStream`.
-//! # #[cfg(any(feature = "sql-browser-async-std", feature = "sql-browser-tokio"))]
+//! # #[cfg(feature = "sql-browser-tokio")]
 //! use tiberius::SqlBrowser;
 //!
-//! #[async_std::main]
-//! # #[cfg(any(feature = "sql-browser-async-std", feature = "sql-browser-tokio"))]
+//! #[tokio::main]
+//! # #[cfg(feature = "sql-browser-tokio")]
 //! async fn main() -> anyhow::Result<()> {
 //!     let mut config = Config::new();
 //!
@@ -211,7 +158,7 @@
 //!     // on production, it is not a good idea to do this
 //!     config.trust_cert();
 //!
-//!     // This will create a new `TcpStream` from `async-std`, connected to the
+//!     // This will create a new `TcpStream` from `tokio`, connected to the
 //!     // right port of the named instance.
 //!     let tcp = TcpStream::connect_named(&config).await?;
 //!
@@ -220,7 +167,7 @@
 //!     # client.query("SELECT @P1", &[&-4i32]).await?;
 //!     Ok(())
 //! }
-//! # #[cfg(any(not(feature = "sql-browser-async-std"), not(feature = "sql-browser-tokio")))]
+//! # #[cfg(not(feature = "sql-browser-tokio"))]
 //! # fn main() {}
 //! ```
 //!
diff --git a/src/sql_browser.rs b/src/sql_browser.rs
index b07e8ee2..1c387272 100644
--- a/src/sql_browser.rs
+++ b/src/sql_browser.rs
@@ -1,9 +1,6 @@
 #[cfg(feature = "sql-browser-tokio")]
 mod tokio;
 
-#[cfg(feature = "sql-browser-async-std")]
-mod async_std;
-
 #[cfg(feature = "sql-browser-smol")]
 mod smol;
 
@@ -28,7 +25,6 @@ pub trait SqlBrowser {
 }
 
 #[cfg(any(
-    feature = "sql-browser-async-std",
     feature = "sql-browser-tokio",
     feature = "sql-browser-smol"
 ))]
diff --git a/src/sql_browser/async_std.rs b/src/sql_browser/async_std.rs
deleted file mode 100644
index 14f55de5..00000000
--- a/src/sql_browser/async_std.rs
+++ /dev/null
@@ -1,72 +0,0 @@
-use super::SqlBrowser;
-use async_std::{
-    io,
-    net::{self, ToSocketAddrs},
-};
-use async_trait::async_trait;
-use futures_util::future::TryFutureExt;
-use std::time;
-use tracing::Level;
-
-#[async_trait]
-impl SqlBrowser for net::TcpStream {
-    /// This method can be used to connect to SQL Server named instances
-    /// when on a Windows platform with the `sql-browser-async-std` feature
-    /// enabled. Please see the crate examples for more detailed examples.
-    async fn connect_named(builder: &crate::client::Config) -> crate::Result<Self> {
-        let addrs = builder.get_addr().to_socket_addrs().await?;
-
-        for mut addr in addrs {
-            if let Some(ref instance_name) = builder.instance_name {
-                // First resolve the instance to a port via the
-                // SSRP protocol/MS-SQLR protocol [1]
-                // [1] https://msdn.microsoft.com/en-us/library/cc219703.aspx
-
-                let local_bind: std::net::SocketAddr = if addr.is_ipv4() {
-                    "0.0.0.0:0".parse().unwrap()
-                } else {
-                    "[::]:0".parse().unwrap()
-                };
-
-                tracing::event!(
-                    Level::TRACE,
-                    "Connecting to instance `{}` using SQL Browser in port `{}`",
-                    instance_name,
-                    builder.get_port()
-                );
-
-                let msg = [&[4u8], instance_name.as_bytes()].concat();
-                let mut buf = vec![0u8; 4096];
-
-                let socket = net::UdpSocket::bind(&local_bind).await?;
-                socket.send_to(&msg, &addr).await?;
-
-                let timeout = time::Duration::from_millis(1000);
-
-                let len = io::timeout(timeout, socket.recv(&mut buf))
-                    .map_err(|_| {
-                        crate::error::Error::Conversion(
-                            format!(
-                                "SQL browser timeout during resolving instance {}. Please check if browser is running in port {} and does the instance exist.",
-                                instance_name,
-                                builder.get_port(),
-                            )
-                            .into(),
-                        )
-                    })
-                    .await?;
-
-                let port = super::get_port_from_sql_browser_reply(buf, len, instance_name)?;
-                tracing::event!(Level::TRACE, "Found port `{}` from SQL Browser", port);
-                addr.set_port(port);
-            };
-
-            if let Ok(stream) = net::TcpStream::connect(addr).await {
-                stream.set_nodelay(true)?;
-                return Ok(stream);
-            }
-        }
-
-        Err(io::Error::new(io::ErrorKind::NotFound, "Could not resolve server host").into())
-    }
-}
diff --git a/tests/named-instance-async.rs b/tests/named-instance-async.rs
deleted file mode 100644
index c3e48c65..00000000
--- a/tests/named-instance-async.rs
+++ /dev/null
@@ -1,44 +0,0 @@
-#![cfg(all(windows, feature = "sql-browser-async-std"))]
-
-use async_std::net::TcpStream;
-use once_cell::sync::Lazy;
-use std::env;
-use std::sync::Once;
-use tiberius::{Result, SqlBrowser};
-
-// This is used in the testing macro :)
-#[allow(dead_code)]
-static LOGGER_SETUP: Once = Once::new();
-
-static CONN_STR: Lazy<String> = Lazy::new(|| {
-    env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| {
-        "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true".to_owned()
-    })
-});
-
-static NAMED_INSTANCE_CONN_STR: Lazy<String> = Lazy::new(|| {
-    let instance_name = env::var("TIBERIUS_TEST_INSTANCE").unwrap_or("MSSQLSERVER".to_owned());
-    CONN_STR.replace(",1433", &format!("\\{}", instance_name))
-});
-
-#[test]
-fn connect_to_named_instance() -> Result<()> {
-    LOGGER_SETUP.call_once(|| {
-        env_logger::init();
-    });
-    async_std::task::block_on(async {
-        let config = tiberius::Config::from_ado_string(&NAMED_INSTANCE_CONN_STR)?;
-        let tcp = TcpStream::connect_named(&config).await?;
-        let mut client = tiberius::Client::connect(config, tcp).await?;
-
-        let row = client
-            .query("SELECT @P1", &[&-4i32])
-            .await?
-            .into_row()
-            .await?
-            .unwrap();
-
-        assert_eq!(Some(-4i32), row.get(0));
-        Ok(())
-    })
-}
diff --git a/tests/query.rs b/tests/query.rs
index 4cf3c62b..6f2056db 100644
--- a/tests/query.rs
+++ b/tests/query.rs
@@ -2686,7 +2686,7 @@ where
 }
 
 #[test]
-#[cfg(feature = "sql-browser-async-std")]
+#[cfg(feature = "sql-browser-tokio")]
 fn cyrillic_collations_should_work() -> Result<()> {
     LOGGER_SETUP.call_once(|| {
         env_logger::init();
@@ -2747,7 +2747,7 @@ fn cyrillic_collations_should_work() -> Result<()> {
 }
 
 #[test]
-#[cfg(feature = "sql-browser-async-std")]
+#[cfg(feature = "sql-browser-tokio")]
 fn application_name_should_be_set_correctly() -> Result<()> {
     LOGGER_SETUP.call_once(|| {
         env_logger::init();