1 files changed, 38 insertions, 7 deletions

diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 12f01b2..cf9ed3c 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -1463,6 +1463,41 @@ char *ne_ssl_cert_export(const ne_ssl_certificate *cert)
     return ret;
 }
 
+static gnutls_digest_algorithm_t hash_to_alg(unsigned int flags)
+{
+    switch (flags & NE_HASH_ALGMASK) {
+    case NE_HASH_MD5: return GNUTLS_DIG_MD5; break;
+    case NE_HASH_SHA256: return GNUTLS_DIG_SHA256; break;
+    case NE_HASH_SHA512: return GNUTLS_DIG_SHA512; break;
+    default: break;
+    }
+    return GNUTLS_DIG_UNKNOWN;
+}
+
+char *ne_ssl_cert_hdigest(const ne_ssl_certificate *cert, unsigned int flags)
+{
+    gnutls_digest_algorithm_t alg = hash_to_alg(flags);
+    unsigned char *dig;
+    size_t len;
+    char *rv;
+
+    if (alg == GNUTLS_DIG_UNKNOWN) return NULL;
+
+    if (gnutls_x509_crt_get_fingerprint(cert->subject, alg, NULL, &len) != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+        return NULL;
+    }
+
+    dig = ne_malloc(len);
+    if (gnutls_x509_crt_get_fingerprint(cert->subject, alg, dig, &len) < 0) {
+        ne_free(dig);
+        return NULL;
+    }
+
+    rv = ne__strhash2hex(dig, len, flags);
+    ne_free(dig);
+    return rv;
+}
+
 int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char *digest)
 {
     char sha1[20], *p;
@@ -1509,19 +1544,15 @@ void ne__ssl_exit(void)
 
 char *ne_vstrhash(unsigned int flags, va_list ap)
 {
-    gnutls_digest_algorithm_t alg;
+    gnutls_digest_algorithm_t alg = hash_to_alg(flags);
     gnutls_hash_hd_t hd;
     unsigned char *out;
     const char *arg;
     unsigned len;
     char *rv;
 
-    switch (flags & NE_HASH_ALGMASK) {
-    case NE_HASH_MD5: alg = GNUTLS_DIG_MD5; break;
-    case NE_HASH_SHA256: alg = GNUTLS_DIG_SHA256; break;
-    case NE_HASH_SHA512: alg = GNUTLS_DIG_SHA512; break;
-    default: return NULL;
-    }
+    if (alg == GNUTLS_DIG_UNKNOWN)
+        return NULL;
 
     if (gnutls_hash_init(&hd, alg) < 0)
         return NULL;