From 3d4310ae9696cadc8eaeab747158abe1d03d8b7a Mon Sep 17 00:00:00 2001
From: Julien Riou <riouj@protonmail.com>
Date: Tue, 4 Feb 2025 10:34:08 +0100
Subject: [PATCH] feat(options): add skip_verify param (#3216)

* feat(options): Add skip_verify param

When parsing a URL, add a "skip_verify" query param to disable TLS certificate
verification.

Inspired by various Go drivers:

* ClickHouse: https://github.com/ClickHouse/clickhouse-go/blob/v2.30.0/clickhouse_options.go#L259
* MongoDB: https://github.com/mongodb/mongo-go-driver/blob/v2.0.0/x/mongo/driver/connstring/connstring.go#L609
* MySQL: https://github.com/go-sql-driver/mysql/blob/v1.8.1/dsn.go#L175

Signed-off-by: Julien Riou <julien@riou.xyz>

* docs(options): Add skip_verify to ParseURL

Signed-off-by: Julien Riou <julien@riou.xyz>

---------

Signed-off-by: Julien Riou <julien@riou.xyz>
Co-authored-by: Nedyalko Dyakov <nedyalko.dyakov@gmail.com>
---
 options.go      | 4 ++++
 options_test.go | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/options.go b/options.go
index 8ba74ccd..b9701702 100644
--- a/options.go
+++ b/options.go
@@ -267,6 +267,7 @@ func NewDialer(opt *Options) func(context.Context, string, string) (net.Conn, er
 //     URL attributes (scheme, host, userinfo, resp.), query parameters using these
 //     names will be treated as unknown parameters
 //   - unknown parameter names will result in an error
+//   - use "skip_verify=true" to ignore TLS certificate validation
 //
 // Examples:
 //
@@ -487,6 +488,9 @@ func setupConnParams(u *url.URL, o *Options) (*Options, error) {
 	if q.err != nil {
 		return nil, q.err
 	}
+	if o.TLSConfig != nil && q.has("skip_verify") {
+		o.TLSConfig.InsecureSkipVerify = q.bool("skip_verify")
+	}
 
 	// any parameters left?
 	if r := q.remaining(); len(r) > 0 {
diff --git a/options_test.go b/options_test.go
index 1db36fdb..d46ecc85 100644
--- a/options_test.go
+++ b/options_test.go
@@ -30,6 +30,9 @@ func TestParseURL(t *testing.T) {
 		}, {
 			url: "rediss://localhost:123",
 			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{ /* no deep comparison */ }},
+		}, {
+			url: "rediss://localhost:123/?skip_verify=true",
+			o:   &Options{Addr: "localhost:123", TLSConfig: &tls.Config{InsecureSkipVerify: true}},
 		}, {
 			url: "redis://:bar@localhost:123",
 			o:   &Options{Addr: "localhost:123", Password: "bar"},