3 files changed, 33 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 7bfeb2ce..5e42b8e4 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -226,6 +226,10 @@ class _Certificate(object):
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        # TODO: Using fingerprint() with SHA256 is way overkill.
+        return hash(self.fingerprint(hashes.SHA256()))
+
     def fingerprint(self, algorithm):
         h = hashes.Hash(algorithm, self._backend)
         bio = self._backend._create_mem_bio()
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index afd28f20..8d28c35c 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1324,6 +1324,12 @@ class Certificate(object):
         """
 
     @abc.abstractmethod
+    def __hash__(self):
+        """
+        Computes a hash.
+        """
+
+    @abc.abstractmethod
     def public_bytes(self, encoding):
         """
         Serializes the certificate to PEM or DER format.
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 90b3fe5f..d4a27bc3 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -347,6 +347,29 @@ class TestRSACertificate(object):
         assert cert != cert2
         assert cert != object()
 
+    def test_hash(self, backend):
+        cert1 = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert2 = _load_cert(
+            os.path.join("x509", "custom", "post2000utctime.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert3 = _load_cert(
+            os.path.join(
+                "x509", "PKITS_data", "certs",
+                "ValidGeneralizedTimenotAfterDateTest8EE.crt"
+            ),
+            x509.load_der_x509_certificate,
+            backend
+        )
+
+        assert hash(cert1) == hash(cert2)
+        assert hash(cert1) != hash(cert3)
+
     def test_version_1_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "v1_cert.pem"),