Diffstat (limited to 'src/mongo/util/net/ssl_manager.h')
-rw-r--r--src/mongo/util/net/ssl_manager.h36
1 files changed, 34 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h
index b7cfd8b8099..567011971b5 100644
--- a/src/mongo/util/net/ssl_manager.h
+++ b/src/mongo/util/net/ssl_manager.h
@@ -208,7 +208,16 @@ class SSLManagerInterface : public Decorable<SSLManagerInterface> {
public:
/**
* Creates an instance of SSLManagerInterface.
- * Note: as we normally have one instance of the manager, it cannot take TransientSSLParams.
+ * Note: if 'transientSSLParams' is set, this will create a transient instance of the manager,
+ * otherwise, normally, this will be a global instance.
+ */
+ static std::shared_ptr<SSLManagerInterface> create(
+ const SSLParams& params,
+ const std::optional<TransientSSLParams>& transientSSLParams,
+ bool isServer);
+
+ /**
+ * Creates an instance of SSLManagerInterface without transient SSL params.
*/
static std::shared_ptr<SSLManagerInterface> create(const SSLParams& params, bool isServer);
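Review bot: The doc comment on the three-argument `create` does not say which settings a transient manager takes from `params` and which from `transientSSLParams`. For a TLS manager that decides which trust and peer-validation settings apply to the remote cluster, so a reader cannot tell from the header whether a transient instance validates peers the same way as the global one. Add a sentence naming the settings that `transientSSLParams` overrides and stating that everything else comes from `params`. On the two-argument overload, a line such as `Equivalent to passing an empty 'transientSSLParams'.` would help, if that is indeed how it is implemented.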
@@ -250,6 +259,23 @@ public:
*/
virtual const SSLConfiguration& getSSLConfiguration() const = 0;
+ /**
+ * @return true if this manager was created with 'transientSSLParams' to authenticate with
+ * a particular remote cluster.
+ */
+ virtual bool isTransient() const {
+ return false;
+ }
+
+ /**
+ * @return Connection string for the remote cluster if this manager is transient (isTransient()
+ * == true), otherwise returns empty string.
+ */
+ virtual std::string getTargetedClusterConnectionString() const {
+ invariant(!isTransient());
+ return {};
+ }
+
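Review bot: The default `getTargetedClusterConnectionString()` runs `invariant(!isTransient())`, so a subclass that overrides `isTransient()` to return true without also overriding this method trips the invariant on first call instead of failing at compile time. The doc comment only promises an empty string and should state the contract, e.g. `Implementations that return true from isTransient() must override this method; the default fails an invariant for a transient manager.` If the connection string can carry credentials (not visible in this hunk), the comment should also tell callers to redact it before logging.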
#if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
/**
* Fetches the error text for an error code, in a thread-safe manner.
@@ -293,7 +319,6 @@ public:
*/
virtual Status initSSLContext(SSLContextType context,
const SSLParams& params,
- const TransientSSLParams& transientParams,
ConnectionDirection direction) = 0;
/**
@@ -350,6 +375,13 @@ public:
std::shared_ptr<SSLManagerInterface> getSSLManager();
/**
+ * Create a transient instance of SSL Manager.
+ * Ownership of the new manager is passed to the invoker.
+ */
+ std::shared_ptr<SSLManagerInterface> createTransientSSLManager(
+ const TransientSSLParams& transientSSLParams) const;
+
+ /**
* Perform certificate rotation safely.
*/
void rotate();
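Review bot: The comment on `createTransientSSLManager` says ownership passes to the invoker, but not whether the returned manager is affected by `rotate()`, declared just below. If the coordinator keeps no reference to it, a long-lived transient manager would presumably keep using the certificate material it was built with after a rotation. State the intended lifetime, e.g. `The returned manager is not tracked here and is not refreshed by rotate(); create a new one rather than caching it.` The implementation and the enclosing class header are outside this hunk, so confirm the actual behaviour before settling the wording.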