3 files changed, 123 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index c12624bc..5445f3c9 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py
@@ -331,6 +331,7 @@ long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int);
 long SSL_get_tlsext_status_ocsp_resp(SSL *, const unsigned char **);
 long SSL_set_tlsext_status_type(SSL *, long);
 long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *));
+long SSL_CTX_set_tlsext_status_arg(SSL_CTX *, void *);
 
 long SSL_session_reused(SSL *);
 
@@ -434,6 +435,7 @@ static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 1;
 #else
 static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 0;
 long (*SSL_CTX_set_tlsext_status_cb)(SSL_CTX *, int(*)(SSL *, void *)) = NULL;
+long (*SSL_CTX_set_tlsext_status_arg)(SSL_CTX *, void *) = NULL;
 #endif
 
 #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
@@ -639,6 +641,7 @@ CONDITIONAL_NAMES = {
 
     "Cryptography_HAS_TLSEXT_STATUS_REQ_CB": [
         "SSL_CTX_set_tlsext_status_cb",
+        "SSL_CTX_set_tlsext_status_arg"
     ],
 
     "Cryptography_HAS_STATUS_REQ_OCSP_RESP": [
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index b0a4a352..71ba9042 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -333,6 +333,15 @@ class BasicConstraints(object):
         return ("<BasicConstraints(ca={0.ca}, "
                 "path_length={0.path_length})>").format(self)
 
+    def __eq__(self, other):
+        if not isinstance(other, BasicConstraints):
+            return NotImplemented
+
+        return self.ca == other.ca and self.path_length == other.path_length
+
+    def __ne__(self, other):
+        return not self == other
+
 
 class KeyUsage(object):
     def __init__(self, digital_signature, content_commitment, key_encipherment,
@@ -397,6 +406,25 @@ class KeyUsage(object):
                 "encipher_only={1}, decipher_only={2})>").format(
                     self, encipher_only, decipher_only)
 
+    def __eq__(self, other):
+        if not isinstance(other, KeyUsage):
+            return NotImplemented
+
+        return (
+            self.digital_signature == other.digital_signature and
+            self.content_commitment == other.content_commitment and
+            self.key_encipherment == other.key_encipherment and
+            self.data_encipherment == other.data_encipherment and
+            self.key_agreement == other.key_agreement and
+            self.key_cert_sign == other.key_cert_sign and
+            self.crl_sign == other.crl_sign and
+            self._encipher_only == other._encipher_only and
+            self._decipher_only == other._decipher_only
+        )
+
+    def __ne__(self, other):
+        return not self == other
+
 
 class AuthorityInformationAccess(object):
     def __init__(self, descriptions):
@@ -914,6 +942,15 @@ class SubjectAlternativeName(object):
     def __repr__(self):
         return "<SubjectAlternativeName({0})>".format(self._general_names)
 
+    def __eq__(self, other):
+        if not isinstance(other, SubjectAlternativeName):
+            return NotImplemented
+
+        return self._general_names == other._general_names
+
+    def __ne__(self, other):
+        return not self == other
+
 
 class AuthorityKeyIdentifier(object):
     def __init__(self, key_identifier, authority_cert_issuer,
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index cf698efa..72f2f9e4 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -463,6 +463,57 @@ class TestKeyUsage(object):
             "only=False)>"
         )
 
+    def test_eq(self):
+        ku = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=True
+        )
+        ku2 = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=True
+        )
+        assert ku == ku2
+
+    def test_ne(self):
+        ku = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=True
+        )
+        ku2 = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=False,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=False
+        )
+        assert ku != ku2
+        assert ku != object()
+
 
 class TestSubjectKeyIdentifier(object):
     def test_properties(self):
@@ -622,6 +673,19 @@ class TestBasicConstraints(object):
             "<BasicConstraints(ca=True, path_length=None)>"
         )
 
+    def test_eq(self):
+        na = x509.BasicConstraints(ca=True, path_length=None)
+        na2 = x509.BasicConstraints(ca=True, path_length=None)
+        assert na == na2
+
+    def test_ne(self):
+        na = x509.BasicConstraints(ca=True, path_length=None)
+        na2 = x509.BasicConstraints(ca=True, path_length=1)
+        na3 = x509.BasicConstraints(ca=False, path_length=None)
+        assert na != na2
+        assert na != na3
+        assert na != object()
+
 
 class TestExtendedKeyUsage(object):
     def test_not_all_oids(self):
@@ -1077,6 +1141,25 @@ class TestSubjectAlternativeName(object):
             "<SubjectAlternativeName([<DNSName(value=cryptography.io)>])>"
         )
 
+    def test_eq(self):
+        san = x509.SubjectAlternativeName(
+            [x509.DNSName(u"cryptography.io")]
+        )
+        san2 = x509.SubjectAlternativeName(
+            [x509.DNSName(u"cryptography.io")]
+        )
+        assert san == san2
+
+    def test_ne(self):
+        san = x509.SubjectAlternativeName(
+            [x509.DNSName(u"cryptography.io")]
+        )
+        san2 = x509.SubjectAlternativeName(
+            [x509.RFC822Name(u"admin@cryptography.io")]
+        )
+        assert san != san2
+        assert san != object()
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)