authorADAM David Alan Martin <adam.martin@10gen.com>2019-05-17 15:41:29 -0400
committerADAM David Alan Martin <adam.martin@10gen.com>2019-05-17 15:41:29 -0400
commit6784f6568cc45fe25510e2d2393be57daffb5411 (patch)
tree1b3e93ce250ec2fbded3caea297e802b575c111f /src/mongo/transport
parent88efdbf5b5c3b2c30b5b971a9adcaaa0a9f51797 (diff)
downloadmongo-6784f6568cc45fe25510e2d2393be57daffb5411.tar.gz
SERVER-40156 Replica sets support Split Horizons
Replica sets can now respond to `isMaster` requests with different hostnames and ports, if contacted via alternate names using TLS. The `horizons` field in replica set member configurations can be used to control which `HostAndPort` to reply with for which "horizon view" of a replica set.
Diffstat (limited to 'src/mongo/transport')
-rw-r--r--src/mongo/transport/session.h4
-rw-r--r--src/mongo/transport/session_asio.h32
2 files changed, 13 insertions, 23 deletions
diff --git a/src/mongo/transport/session.h b/src/mongo/transport/session.h
index b2a9b2ba1a6..8924b1a9356 100644
--- a/src/mongo/transport/session.h
+++ b/src/mongo/transport/session.h
@@ -145,6 +145,10 @@ public:
virtual const HostAndPort& remote() const = 0;
virtual const HostAndPort& local() const = 0;
+ virtual boost::optional<std::string> getSniName() const {
+ return boost::none;
+ }
+
/**
* Atomically set all of the session tags specified in the 'tagsToSet' bit field. If the
* 'kPending' tag is set, indicating that no tags have yet been specified for the session, this
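Review bot: The new `getSniName()` virtual has no doc comment, and its contract is security-relevant: the SNI name is sent by the client in the TLS ClientHello and is not authenticated by the handshake, so callers must treat it as untrusted input. Per the commit description it decides which horizon's `HostAndPort` is returned, so it should only be used as a lookup key against the configured horizon names, never as an identity or authorization signal. I would add above the declaration: `/// Returns the TLS SNI name the peer requested, or boost::none if there is none (e.g. non-TLS sessions). Client-supplied and unauthenticated.`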
diff --git a/src/mongo/transport/session_asio.h b/src/mongo/transport/session_asio.h
index f2113dc29e5..43d307069bf 100644
--- a/src/mongo/transport/session_asio.h
+++ b/src/mongo/transport/session_asio.h
@@ -236,12 +236,10 @@ protected:
return doHandshake().then([this, target] {
_ranHandshake = true;
- auto swPeerInfo = uassertStatusOK(getSSLManager()->parseAndValidatePeerCertificate(
- _sslSocket->native_handle(), target.host(), target));
+ SSLPeerInfo::forSession(shared_from_this()) =
+ uassertStatusOK(getSSLManager()->parseAndValidatePeerCertificate(
+ _sslSocket->native_handle(), target.host(), target));
- if (swPeerInfo) {
- SSLPeerInfo::forSession(shared_from_this()) = std::move(*swPeerInfo);
- }
});
}
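Review bot: The assignment to `SSLPeerInfo::forSession(shared_from_this())` is now unconditional, and nothing in the new code says what gets stored when the peer presents no certificate. The comment that explained that case is deleted in the `@@ -614,24 +616,8 @@` hunk, which makes the same assignment. Presumably `parseAndValidatePeerCertificate` now returns an `SSLPeerInfo` with an empty `subjectName` in that case (its declaration is not in this diff), so a one-line comment at both sites would keep the contract visible: `// No peer certificate is not an error: the returned SSLPeerInfo then has an empty subjectName.` Because the whole decoration is replaced, a field set on it earlier survives only if the parser repopulates it, which is worth confirming for `sniName`. The enclosing function starts and ends outside this hunk.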
@@ -510,6 +508,10 @@ private:
return boost::none;
}
+
+ boost::optional<std::string> getSniName() const override {
+ return SSLPeerInfo::forSession(shared_from_this()).sniName;
+ }
#endif
template <typename Stream, typename ConstBufferSequence>
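Review bot: `getSniName()` returns whatever `sniName` is in the session's `SSLPeerInfo` decoration, but that decoration is only assigned in the handshake continuations shown in the other two hunks of this file. A call made before the handshake completes would therefore appear to see a default-constructed value, and no synchronization between that write and this read is visible here. I would document the precondition on the override, e.g. `// Only meaningful once the TLS handshake has completed; reads the SSLPeerInfo decoration populated there.`, and confirm that callers run on the session's own executor or after the handshake future resolves.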
@@ -614,24 +616,8 @@ private:
auto& sslPeerInfo = SSLPeerInfo::forSession(shared_from_this());
if (sslPeerInfo.subjectName.empty()) {
- auto swPeerInfo = getSSLManager()->parseAndValidatePeerCertificate(
- _sslSocket->native_handle(), "", _remote);
-
- // The value of swPeerInfo is a bit complicated:
- //
- // If !swPeerInfo.isOK(), then there was an error doing the SSL
- // handshake and we should reject the connection.
- //
- // If !sslPeerInfo.getValue(), then the SSL handshake was successful,
- // but the peer didn't provide a SSL certificate, and we do not require
- // one. sslPeerInfo should be empty.
- //
- // Otherwise the SSL handshake was successful and the peer did provide
- // a certificate that is valid, and we should store that info on the
- // session's SSLPeerInfo decoration.
- if (auto optPeerInfo = uassertStatusOK(swPeerInfo)) {
- sslPeerInfo = *optPeerInfo;
- }
+ sslPeerInfo = uassertStatusOK(getSSLManager()->parseAndValidatePeerCertificate(
+ _sslSocket->native_handle(), "", _remote));
}
return true;
});