-rw-r--r--.travis.yml2
-rw-r--r--docs/development/test-vectors.rst6
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py10
-rw-r--r--src/cryptography/hazmat/bindings/openssl/ssl.py3
-rw-r--r--src/cryptography/hazmat/bindings/openssl/x509.py2
-rw-r--r--src/cryptography/x509.py12
-rw-r--r--tests/test_x509.py30
-rw-r--r--vectors/cryptography_vectors/x509/custom/extended_key_usage.pem20
-rw-r--r--vectors/cryptography_vectors/x509/custom/inhibit_any_policy_5.pem18
-rw-r--r--vectors/cryptography_vectors/x509/custom/inhibit_any_policy_negative.pem18
10 files changed, 121 insertions, 0 deletions
diff --git a/.travis.yml b/.travis.yml
index 71efd8ff..c7413ea9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -120,3 +120,5 @@ notifications:
- "irc.freenode.org#cryptography-dev"
use_notice: true
skip_join: true
+ webhooks:
+ - https://buildtimetrend.herokuapp.com/travis
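Review bot: The new `webhooks` entry posts every build notification to an endpoint on the shared `herokuapp.com` domain, and nothing in the file records who operates it or what the payload contains. A comment above the entry, for example `# build-duration statistics; third-party service, receives Travis build/commit metadata`, would let a later reader judge whether the endpoint is still trusted and still needed. The `notifications:` block starts outside the hunk.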
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 622a9d70..f6eecfec 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -140,6 +140,8 @@ Custom X.509 Vectors
subject alternative name extension with the ``registeredID`` general name.
* ``all_key_usages.pem`` - An RSA 2048 bit self-signed certificate containing
a key usage extension with all nine purposes set to true.
+* ``extended_key_usage.pem`` - An RSA 2048 bit self-signed certificate
+ containing an extended key usage extension with eight usages.
* ``san_idna_names.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with ``rfc822Name``, ``dNSName``, and
``uniformResourceIdentifier`` general names with IDNA (:rfc:`5895`) encoding.
@@ -154,6 +156,10 @@ Custom X.509 Vectors
subject alternative name extension with an ``iPAddress`` value.
* ``san_dirname.pem`` - An RSA 2048 bit self-signed certificate containing a
subject alternative name extension with a ``directoryName`` value.
+* ``inhibit_any_policy_5.pem`` - An RSA 2048 bit self-signed certificate
+ containing an inhibit any policy extension with the value 5.
+* ``inhibit_any_policy_negative.pem`` - An RSA 2048 bit self-signed certificate
+ containing an inhibit any policy extension with the value -1.
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 25cb5704..4ba66bb7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -145,6 +145,16 @@ class _Certificate(object):
self._backend = backend
self._x509 = x509
+ def __eq__(self, other):
+ if not isinstance(other, x509.Certificate):
+ return NotImplemented
+
+ res = self._backend._lib.X509_cmp(self._x509, other._x509)
+ return res == 0
+
+ def __ne__(self, other):
+ return not self == other
+
def fingerprint(self, algorithm):
h = hashes.Hash(algorithm, self._backend)
bio = self._backend._create_mem_bio()
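Review bot: `__eq__` accepts any `x509.Certificate` but then reads `other._x509`, which only this backend's `_Certificate` is shown to set, so an object from another implementation of the interface would raise `AttributeError` or reach `X509_cmp` as a foreign pointer instead of yielding `NotImplemented`; `if not isinstance(other, _Certificate): return NotImplemented` keeps the comparison inside one backend. The class also gains `__eq__` without a matching `__hash__`, and the abstract declarations in src/cryptography/x509.py have the same gap. On Python 3 that makes instances unhashable, and on Python 2 equal certificates keep distinct identity hashes, so sets and dict keys of certificates (a pin set, say) behave wrongly. A `__hash__` derived from the same bytes the comparison covers would close it, and a comment stating what `X509_cmp` compares would help, since older OpenSSL releases appear to compare only a cached SHA-1 digest (worth confirming against the supported versions). The class body continues outside the hunk.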
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index b182180f..4a824ae5 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py
@@ -211,6 +211,9 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *);
int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int);
int SSL_CTX_check_private_key(const SSL_CTX *);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *,
+ int (*)(X509_STORE_CTX *,void *),
+ void *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
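Review bot: `SSL_CTX_set_cert_verify_callback` is declared without any comment on its contract, yet it is the binding in this list that can switch certificate verification off. Once it is set, OpenSSL calls the callback in place of its built-in chain verification, so a callback that returns 1 without checking accepts any peer certificate. A comment in the cdef such as `/* Replaces the default X509_verify_cert() call; the callback must perform full chain verification itself. */` would flag that for anyone wiring it up. The declaration list continues outside the hunk.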
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py
index b5c9ee14..a1fb7ffb 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509.py
@@ -115,6 +115,7 @@ FUNCTIONS = """
X509 *X509_new(void);
void X509_free(X509 *);
X509 *X509_dup(X509 *);
+int X509_cmp(const X509 *, const X509 *);
int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long);
@@ -140,6 +141,7 @@ int X509_set_issuer_name(X509 *, X509_NAME *);
int X509_get_ext_count(X509 *);
int X509_add_ext(X509 *, X509_EXTENSION *, int);
+X509_EXTENSION *X509_delete_ext(X509 *, int);
X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *);
X509_EXTENSION *X509_get_ext(X509 *, int);
int X509_get_ext_by_NID(X509 *, int, int);
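Review bot: The `X509_delete_ext` declaration gives no hint that the returned `X509_EXTENSION *` becomes the caller's to free; as far as OpenSSL documents it, the call detaches the extension and does not release it. A comment next to the declaration, e.g. `/* returned extension is owned by the caller and must be freed */`, would keep a future Python caller from leaking it or from freeing it twice alongside the certificate. No caller is visible in this diff, so this is a documentation point only.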
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index dd6ea926..b22ac8be 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -730,6 +730,18 @@ class Certificate(object):
in the certificate.
"""
+ @abc.abstractmethod
+ def __eq__(self, other):
+ """
+ Checks equality.
+ """
+
+ @abc.abstractmethod
+ def __ne__(self, other):
+ """
+ Checks not equal.
+ """
+
@six.add_metaclass(abc.ABCMeta)
class CertificateSigningRequest(object):
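Review bot: The docstrings `Checks equality.` and `Checks not equal.` do not say what makes two certificates equal, which is the one thing an implementer or caller of this interface needs to know. Something like `Return True if other is a Certificate with the same encoded contents; return NotImplemented for other types.` (adjusted to whatever definition the project intends) would make backends agree with each other. It would also help to state that equality is a comparison of contents and says nothing about whether either certificate is valid or trusted.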
diff --git a/tests/test_x509.py b/tests/test_x509.py
index df291de2..8561f1f4 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -313,6 +313,36 @@ class TestRSACertificate(object):
assert exc.value.parsed_version == 7
+ def test_eq(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ cert2 = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ assert cert == cert2
+
+ def test_ne(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ cert2 = _load_cert(
+ os.path.join(
+ "x509", "PKITS_data", "certs",
+ "ValidGeneralizedTimenotAfterDateTest8EE.crt"
+ ),
+ x509.load_der_x509_certificate,
+ backend
+ )
+ assert cert != cert2
+ assert cert != object()
+
def test_version_1_cert(self, backend):
cert = _load_cert(
os.path.join("x509", "v1_cert.pem"),
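Review bot: `test_eq` loads the same PEM file twice and `test_ne` compares two unrelated certificates, so the tests cover only the easiest equal and unequal cases. A pair that shares subject and key but differs in a single field, and the same certificate loaded once from PEM and once from DER (if such vectors exist in the tree), would show that equality follows the certificate contents rather than the input file. If `__hash__` is added alongside `__eq__`, an assertion that equal certificates hash equally belongs here too. `test_version_1_cert` continues outside the hunk.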
diff --git a/vectors/cryptography_vectors/x509/custom/extended_key_usage.pem b/vectors/cryptography_vectors/x509/custom/extended_key_usage.pem
new file mode 100644
index 00000000..e17c87e0
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/extended_key_usage.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_5.pem b/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_5.pem
new file mode 100644
index 00000000..681770cf
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_5.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8DCCAdigAwIBAgITBmot4z1/TiVQVVjARir3nGQGETANBgkqhkiG9w0BAQUF
+ADApMQ0wCwYDVQQKDARQeUNBMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wHhcN
+MTUwNTAxMjIxMTIyWhcNMTYwNDMwMjIxMTIyWjApMQ0wCwYDVQQKDARQeUNBMRgw
+FgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCZcYt4uuICKbglCg0qlreb8P52FjWhdrJ7GNbZBDw5iwsKoLb191YI
+6cXRk+FMtMJJ7aqjoXxpHDsad2iDsMRtj9ZjUMRxZTJyZVvmYCm4FP4bP1GE+W48
+N3hiUq8hv3UX4nAzLMIniXfQANYpHDZxh0EkX3vQaCEi5abwbzb0Ra7sUWNAPUVF
+Ag3IyNkYqXm1lveWkogkXnBgr8RH7dN59hGHYbKU0aRpmHBB82NyJUkDCl47ybNJ
+xaRS9M/QOMg2FCXgQGJzDcLvafIeEqcoy6jq9NwzydafHeYc6QY5P7pl7AqwEYeL
+AYC3i0eTtRCP64ChL4eA9VKREiwesKS5AgMBAAGjETAPMA0GA1UdNgEB/wQDAgEF
+MA0GCSqGSIb3DQEBBQUAA4IBAQCYMu1zYjS7pDmJE+RJtIHxzUNrfBs9mV58H9PN
+UgUvttCWdD+6U9v5mOJS5HVl9wiR8Slf9lz9KuTJkT0K5qmcn0PZpo/eJZd7yDYK
+hRfQ8xQapA/zK4u1S/kfflXmvvwvCaAn3fEfqOrylPrtCQBFwLZDo88a1Fmjmjti
+ipwxCkGMrwRaWQtIzEB1T0lCEGSfNtI4pcNM84RrlW+WYUBjsNm4X3kPnLLl8BY3
+xcUPQgBZpFdLDcOLrd0XeTRpMenzAZ/ksYEpvDlnlk54Pfe+I8dXF9oe9LhFUfjx
+rbvJIJgRkQeJl9hwqQyqgnpaIZHA5opoMkjeYxihsR5pQ+ag
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_negative.pem b/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_negative.pem
new file mode 100644
index 00000000..3d610e6e
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/inhibit_any_policy_negative.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----