From b7a3c7a3be363e6ec378700a3a11299686d2bc3f Mon Sep 17 00:00:00 2001
From: Chongyi Zheng <git@zcy.dev>
Date: Wed, 27 May 2026 01:51:16 -0500
Subject: [PATCH] chore: remove mssql `x509negativeserial` workaround (#37853)

The following TLS handshake error is fixed by newer versions of mssql
(refer to
https://github.com/microsoft/mssql-docker/issues/895#issuecomment-2737646391)

```
TLS Handshake failed: tls: failed to parse certificate from server: x509: negative serial number
```

Based on
https://github.com/microsoft/go-sqlcmd/issues/755#issuecomment-4491676993,
newer versions of mssql don't have this problem. And there're changes
going to mssql driver side to make this error more explicit
https://github.com/microsoft/go-mssqldb/pull/356.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
---
 go.mod | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/go.mod b/go.mod
index acd615a5bfe..e85ddadd9d7 100644
--- a/go.mod
+++ b/go.mod
@@ -2,11 +2,6 @@ module gitea.dev
 
 go 1.26.3
 
-// rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
-// But some CAs use negative serial number, just relax the check. related:
-// Default TLS cert uses negative serial number #895 https://github.com/microsoft/mssql-docker/issues/895
-godebug x509negativeserial=1
-
 require (
 	code.gitea.io/actions-proto-go v0.4.1
 	code.gitea.io/sdk/gitea v0.25.1