feat: improve TLS URL parameters with snake_case naming

Building on Ben Weissmann's original implementation, this commit adds:

- Snake_case parameter names (addressing reviewer feedback):
  * tls_cert_file and tls_key_file (instead of TLSCertPEMFile/TLSKeyPEMFile)
  * tls_min_version and tls_max_version (instead of TLSMinVersion/TLSMaxVersion)
  * tls_server_name (instead of ServerName)
- Improved error messages for better user experience
- Updated test cases to use snake_case parameters
- Removed redundant tls_insecure_skip_verify (use existing skip_verify)
- Enhanced documentation with clear parameter descriptions

This addresses all reviewer feedback from PR #2076 while maintaining
the core functionality and comprehensive test coverage.

Author: ofekshenawa

options.go

@@ -358,6 +358,10 @@ func NewDialer(opt *Options) func(context.Context, string, string) (net.Conn, er
 //     names will be treated as unknown parameters
 //   - unknown parameter names will result in an error
 //   - use "skip_verify=true" to ignore TLS certificate validation
+//   - for rediss:// URLs, additional TLS parameters are supported:
+//   - tls_cert_file and tls_key_file: paths to client certificate and key files
+//   - tls_min_version and tls_max_version: TLS version constraints (e.g., 771 for TLS 1.2)
+//   - tls_server_name: override server name for certificate validation
 //
 // Examples:
 //
@@ -577,32 +581,35 @@ func setupConnParams(u *url.URL, o *Options) (*Options, error) {
 	}
 
 	if u.Scheme == "rediss" {
-		tlsCertPEMFile := q.string("TLSCertPEMFile")
-		tlsKeyPEMFile := q.string("TLSKeyPEMFile")
+		tlsCertFile := q.string("tls_cert_file")
+		tlsKeyFile := q.string("tls_key_file")
 
-		if (tlsCertPEMFile == "") != (tlsKeyPEMFile == "") {
-			return nil, fmt.Errorf("redis: TLSCertPEMFile and TLSKeyPEMFile URL parameters must be both set or both omitted")
+		if (tlsCertFile == "") != (tlsKeyFile == "") {
+			return nil, fmt.Errorf("redis: tls_cert_file and tls_key_file URL parameters must be both set or both omitted")
 		}
 
-		if tlsCertPEMFile != "" {
-			cert, certLoadErr := tls.LoadX509KeyPair(tlsCertPEMFile, tlsKeyPEMFile)
+		if tlsCertFile != "" {
+			cert, certLoadErr := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
 			if certLoadErr != nil {
-				return nil, fmt.Errorf("redis: Error loading X509 Key Pair: %w", certLoadErr)
+				return nil, fmt.Errorf("redis: error loading TLS certificate: %w", certLoadErr)
 			}
 
 			o.TLSConfig.Certificates = []tls.Certificate{cert}
 		}
 
-		o.TLSConfig.MinVersion = uint16(q.int("TLSMinVersion"))
-		o.TLSConfig.MaxVersion = uint16(q.int("TLSMaxVersion"))
-		o.TLSConfig.InsecureSkipVerify = q.bool("TLSInsecureSkipVerify")
+		if q.has("tls_min_version") {
+			o.TLSConfig.MinVersion = uint16(q.int("tls_min_version"))
+		}
+		if q.has("tls_max_version") {
+			o.TLSConfig.MaxVersion = uint16(q.int("tls_max_version"))
+		}
 
-		serverNameOverride := q.string("ServerName")
-		if serverNameOverride != "" {
+		tlsServerName := q.string("tls_server_name")
+		if tlsServerName != "" {
 			// we explicitly check for this query parameter, so we don't overwrite
 			// the default server name (the hostname of the Redis server) if it's
 			// not given
-			o.TLSConfig.ServerName = serverNameOverride
+			o.TLSConfig.ServerName = tlsServerName
 		}
 	}
 	if q.err != nil {

options_test.go

@@ -50,27 +50,27 @@ EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==
 			o:   &Options{Addr: "12345:6379"},
 		}, {
 			url: "rediss://localhost:123",
-			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost"}},
+			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost", MinVersion: tls.VersionTLS12}},
 		}, {
-			url: "rediss://localhost:123?ServerName=abc&TLSMinVersion=1&TLSMaxVersion=3&TLSInsecureSkipVerify=true",
+			url: "rediss://localhost:123?tls_server_name=abc&tls_min_version=1&tls_max_version=3&skip_verify=true",
 			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "abc", MinVersion: 1, MaxVersion: 3, InsecureSkipVerify: true}},
 		}, {
-			url: "rediss://localhost:123?TLSCertPEMFile=./testdata/testcert.pem&TLSKeyPEMFile=./testdata/testkey.pem",
-			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost", Certificates: []tls.Certificate{testCert}}},
+			url: "rediss://localhost:123?tls_cert_file=./testdata/testcert.pem&tls_key_file=./testdata/testkey.pem",
+			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost", MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{testCert}}},
 		}, {
-			url: "rediss://localhost:123?TLSCertPEMFile=./testdata/doesnotexist.pem&TLSKeyPEMFile=./testdata/testkey.pem",
+			url: "rediss://localhost:123?tls_cert_file=./testdata/doesnotexist.pem&tls_key_file=./testdata/testkey.pem",
 			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "abc"}},
-			err: errors.New("redis: Error loading X509 Key Pair: open ./testdata/doesnotexist.pem: no such file or directory"),
+			err: errors.New("redis: error loading TLS certificate: open ./testdata/doesnotexist.pem: no such file or directory"),
 		}, {
-			url: "rediss://localhost:123?TLSCertPEMFile=./testdata/testcert.pem",
+			url: "rediss://localhost:123?tls_cert_file=./testdata/testcert.pem",
 			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "abc"}},
-			err: errors.New("redis: TLSCertPEMFile and TLSKeyPEMFile URL parameters must be both set or both omitted"),
+			err: errors.New("redis: tls_cert_file and tls_key_file URL parameters must be both set or both omitted"),
 		}, {
-			url: "rediss://localhost:123?TLSKeyPEMFile=./testdata/testkey.pem",
-			err: errors.New("redis: TLSCertPEMFile and TLSKeyPEMFile URL parameters must be both set or both omitted"),
+			url: "rediss://localhost:123?tls_key_file=./testdata/testkey.pem",
+			err: errors.New("redis: tls_cert_file and tls_key_file URL parameters must be both set or both omitted"),
 		}, {
 			url: "rediss://localhost:123/?skip_verify=true",
-			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost", InsecureSkipVerify: true}},
+			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ServerName: "localhost", MinVersion: tls.VersionTLS12, InsecureSkipVerify: true}},
 		}, {
 			url: "redis://:bar@localhost:123",
 			o:   &Options{Addr: "localhost:123", Password: "bar"},