Core Server / SERVER-74791

Add override server parameter for X.509 clusterMembershipExtension

    • Type: Task
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Server Security
    • Security 2023-04-03

      SERVER-74999 introduces a new configuration option that specifies the value of a custom X.509 extension that client certificates must carry in order to be considered peer servers. Customers may wish to rotate to certificates containing new values for the extension, or even to switch between clusterMembershipExtension and the subject name attribute matching feature provided in SERVER-74989.

      In order to support updates to this configuration option without downtime, this ticket will introduce a new server parameter that can be used to override the config option for clusterMembershipExtension. When it is set, clients presenting certificates whose extension value matches either the config option or the server parameter will be accepted as peer nodes.

      The ticket will also add test cases similar to the one detailed in SERVER-74996 to show how the server parameter can be used to update extensions or switch between subject name attribute matching and extensions.
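
The "either value is accepted" rule above can be exercised with a small model of a rolling rotation. This is an added example, not MongoDB code or a test from the ticket: the `Node` class, its field names, the three-phase step order and the extension values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Node:
    cert_ext: str                       # extension value in this node's own certificate
    config_ext: str                     # value set by the config option
    override_ext: Optional[str] = None  # value set by the override server parameter

    def accepts_as_peer(self, other: "Node") -> bool:
        # Rule from the ticket: a certificate carrying either value is a peer.
        allowed = {self.config_ext}
        if self.override_ext is not None:
            allowed.add(self.override_ext)
        return other.cert_ext in allowed

def cluster_intact(nodes):
    """True when every node recognises every other node as a peer."""
    return all(a.accepts_as_peer(b) for a in nodes for b in nodes if a is not b)

def rotate(old, new, use_override, size=3):
    """Walk a rolling rotation; return [(step, cluster_intact), ...]."""
    nodes = [Node(old, old) for _ in range(size)]
    history = []

    def apply(label, change):
        # One node changes at a time; membership is re-checked after each change.
        for i, node in enumerate(nodes):
            change(node)
            history.append((f"{label} on node {i}", cluster_intact(nodes)))

    if use_override:
        apply("set override", lambda n: setattr(n, "override_ext", new))
        apply("swap certificate", lambda n: setattr(n, "cert_ext", new))
        def finish(n):
            n.config_ext, n.override_ext = new, None
        apply("update config, clear override", finish)
    else:
        def swap_all(n):
            n.cert_ext, n.config_ext = new, new
        apply("swap certificate and config", swap_all)
    return history

if __name__ == "__main__":
    # "cluster-2023" and "cluster-2024" are constructed sample extension values.
    for flag in (False, True):
        print("with override" if flag else "without override")
        for step, ok in rotate("cluster-2023", "cluster-2024", flag):
            print(f"  {step:40s} {'ok' if ok else 'PEERS REJECTED'}")
```

Without the override, the cluster is split from the first node's change until the last node's; with it, every intermediate state keeps all nodes mutually recognised.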

            Assignee: [DO NOT USE] Backlog - Security Team (backlog-server-security)
            Reporter: Varun Ravichandran (varun.ravichandran@mongodb.com)
            Votes: 0
            Watchers: 1