Diffstat (limited to 'src/mongo/util/net/ssl_manager.h')
-rw-r--r-- | src/mongo/util/net/ssl_manager.h | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h
index d93728aa466..fa2abc656a5 100644
--- a/src/mongo/util/net/ssl_manager.h
+++ b/src/mongo/util/net/ssl_manager.h
@@ -101,14 +101,24 @@ public:
 virtual std::string getSNIServerName() const = 0;
 };
 
-struct SSLConfiguration {
+class SSLConfiguration {
+public:
 bool isClusterMember(StringData subjectName) const;
- bool isClusterMember(const SSLX509Name& subjectName) const;
+ bool isClusterMember(SSLX509Name subjectName) const;
 BSONObj getServerStatusBSON() const;
- SSLX509Name serverSubjectName;
+ Status setServerSubjectName(SSLX509Name name);
+
+ const SSLX509Name& serverSubjectName() const {
+ return _serverSubjectName;
+ }
+
 SSLX509Name clientSubjectName;
 Date_t serverCertificateExpirationDate;
 bool hasCA = false;
+
+private:
+ SSLX509Name _serverSubjectName;
+ std::vector<SSLX509Name::Entry> _canonicalServerSubjectName;
 };
 
 /**
@@ -244,13 +254,26 @@ StatusWith<stdx::unordered_set<RoleName>> parsePeerRoles(ConstDataRange cdrExten
 std::string removeFQDNRoot(std::string name);
 
 /**
- * Escape a string per RGC 2253
+ * Escape a string per RFC 2253
 *
 * See "2.4 Converting an AttributeValue from ASN.1 to a String" in RFC 2243
 */
 std::string escapeRfc2253(StringData str);
 
 /**
+ * Parse a DN from a string per RFC 4514
+ */
+StatusWith<SSLX509Name> parseDN(StringData str);
+
+/**
+ * These functions map short names for RDN components to numeric OID's and the other way around.
+ *
+ * The x509ShortNameToOid returns boost::none if no mapping exists for that oid.
+ */
+std::string x509OidToShortName(StringData name);
+boost::optional<std::string> x509ShortNameToOid(StringData name);
+
+/**
 * Platform neutral TLS version enum
 */
 enum class TLSVersion { |
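Review bot: `setServerSubjectName` is now the only way to set the server subject and it can fail, yet the declaration carries no comment saying what state `_serverSubjectName` and `_canonicalServerSubjectName` are left in on a non-OK `Status`. The two private members look like a name plus a cached canonical form that `isClusterMember` presumably compares peer certificate subjects against, so a half-updated or empty cache would feed directly into a cluster-trust decision. I would document the contract above the setter, for example `// Stores the name together with its canonical form; on error neither member is modified and the Status must be checked.`, adjusted to what the implementation in the .cpp actually guarantees. `clientSubjectName` stays a public field with no canonical counterpart; a one-line comment on why it is treated differently would help the next reader.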
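Review bot: The comment on the OID helpers in the second hunk describes the failure case backwards: `x509ShortNameToOid` takes a short name, so the sentence should read `The x509ShortNameToOid returns boost::none if no mapping exists for that short name.`, and it should also say what `x509OidToShortName` returns for an OID it does not know, since its `std::string` return has no failure value. The `parseDN` comment could state that malformed input comes back as a non-OK `StatusWith` rather than a partially parsed name, if that is the behaviour. In the context lines of the same hunk, the `escapeRfc2253` comment still cites `RFC 2243` although its first line was just corrected to RFC 2253.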