Merge pull request #1883 from reaperhulk/fix-1866

add support for equality testing to x509.Certificate
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5558f14..7f633c7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -123,6 +123,16 @@
         self._backend = backend
         self._x509 = x509
 
+    def __eq__(self, other):
+        if not isinstance(other, x509.Certificate):
+            return NotImplemented
+
+        res = self._backend._lib.X509_cmp(self._x509, other._x509)
+        return res == 0
+
+    def __ne__(self, other):
+        return not self == other
+
     def fingerprint(self, algorithm):
         h = hashes.Hash(algorithm, self._backend)
         bio = self._backend._create_mem_bio()
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py
index fd7a12a..a1fb7ff 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509.py
@@ -115,6 +115,7 @@
 X509 *X509_new(void);
 void X509_free(X509 *);
 X509 *X509_dup(X509 *);
+int X509_cmp(const X509 *, const X509 *);
 
 int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long);
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index dd6ea92..b22ac8b 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -730,6 +730,18 @@
         in the certificate.
         """
 
+    @abc.abstractmethod
+    def __eq__(self, other):
+        """
+        Checks equality.
+        """
+
+    @abc.abstractmethod
+    def __ne__(self, other):
+        """
+        Checks not equal.
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class CertificateSigningRequest(object):
diff --git a/tests/test_x509.py b/tests/test_x509.py
index df291de..8561f1f 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -313,6 +313,36 @@
 
         assert exc.value.parsed_version == 7
 
+    def test_eq(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert2 = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        assert cert == cert2
+
+    def test_ne(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert2 = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs",
+                "ValidGeneralizedTimenotAfterDateTest8EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+        assert cert != cert2
+        assert cert != object()
+
     def test_version_1_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "v1_cert.pem"),