+#ifndef NO_SHA
+/* Compare two certificates: they must be identical for
+ * this to work.
+ */
+int X509_cmp(X509 *a, X509 *b)
+{
+ /* ensure hash is valid */
+ X509_check_purpose(a, -1, 0);
+ X509_check_purpose(b, -1, 0);
+
+ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
+#endif
+