Today, servers determine whether a connecting client is a peer server node either via keyfile authentication or X.509. If X.509 authentication is enabled on the server and the connecting client's certificate has a subject name DN sharing the same O, OU, and DC attributes as the server's certificate, then the connecting client is considered as a peer server node.

In an effort to make this more customizable, we will add a configuration file option that will take priority over this default policy. The option will specify a set of subject name DN attributes and values that the server will check for in the connecting client's certificate. If they match, then the client will be treated as a peer server node.