3 files changed, 33 insertions, 7 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 3b1ff790..68104e69 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -226,15 +226,12 @@ class _Certificate(object):
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        return hash(self.public_bytes(serialization.Encoding.DER))
+
     def fingerprint(self, algorithm):
         h = hashes.Hash(algorithm, self._backend)
-        bio = self._backend._create_mem_bio()
-        res = self._backend._lib.i2d_X509_bio(
-            bio, self._x509
-        )
-        assert res == 1
-        der = self._backend._read_mem_bio(bio)
-        h.update(der)
+        h.update(self.public_bytes(serialization.Encoding.DER))
         return h.finalize()
 
     @property
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index fb21be2b..f8134958 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1324,6 +1324,12 @@ class Certificate(object):
         """
 
     @abc.abstractmethod
+    def __hash__(self):
+        """
+        Computes a hash.
+        """
+
+    @abc.abstractmethod
     def public_bytes(self, encoding):
         """
         Serializes the certificate to PEM or DER format.
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 80ae0a22..ccb24d7f 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -347,6 +347,29 @@ class TestRSACertificate(object):
         assert cert != cert2
         assert cert != object()
 
+    def test_hash(self, backend):
+        cert1 = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert2 = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert3 = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs",
+                "ValidGeneralizedTimenotAfterDateTest8EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+
+        assert hash(cert1) == hash(cert2)
+        assert hash(cert1) != hash(cert3)
+
     def test_version_1_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "v1_cert.pem"),