--- a/ChangeLog.API	Sun Feb 26 02:59:09 2012 +0000
+++ b/ChangeLog.API	Sun Feb 26 03:01:41 2012 +0000
@@ -9,6 +9,7 @@
 		* purple_account_set_ui_data
 		* purple_account_register_completed
 		* purple_certificate_get_der_data
+		* purple_certificate_get_display_string
 		* purple_conv_chat_cb_get_alias
 		* purple_conv_chat_cb_get_flags
 		* purple_conv_chat_cb_is_buddy

--- a/libpurple/certificate.c	Sun Feb 26 02:59:09 2012 +0000
+++ b/libpurple/certificate.c	Sun Feb 26 03:01:41 2012 +0000
@@ -518,6 +518,24 @@
 }
 
 gchar *
+purple_certificate_get_display_string(PurpleCertificate *crt)
+{
+	PurpleCertificateScheme *scheme;
+	gchar *str;
+
+	g_return_val_if_fail(crt, NULL);
+	g_return_val_if_fail(crt->scheme, NULL);
+
+	scheme = crt->scheme;
+
+	g_return_val_if_fail(scheme->get_display_string, NULL);
+
+	str = (scheme->get_display_string)(crt);
+
+	return str;
+}
+
+gchar *
 purple_certificate_pool_mkpath(PurpleCertificatePool *pool, const gchar *id)
 {
 	gchar *path;
@@ -2168,43 +2186,10 @@
 void
 purple_certificate_display_x509(PurpleCertificate *crt)
 {
-	gchar *sha_asc;
-	GByteArray *sha_bin;
-	gchar *cn;
-	time_t activation, expiration;
-	gchar *activ_str, *expir_str;
 	gchar *secondary;
 
-	/* Pull out the SHA1 checksum */
-	sha_bin = purple_certificate_get_fingerprint_sha1(crt);
-	/* Now decode it for display */
-	sha_asc = purple_base16_encode_chunked(sha_bin->data,
-					       sha_bin->len);
-
-	/* Get the cert Common Name */
-	/* TODO: Will break on CA certs */
-	cn = purple_certificate_get_subject_name(crt);
-
-	/* Get the certificate times */
-	/* TODO: Check the times against localtime */
-	/* TODO: errorcheck? */
-	if (!purple_certificate_get_times(crt, &activation, &expiration)) {
-		purple_debug_error("certificate",
-				   "Failed to get certificate times!\n");
-		activation = expiration = 0;
-	}
-	activ_str = g_strdup(ctime(&activation));
-	expir_str = g_strdup(ctime(&expiration));
-
 	/* Make messages */
-	secondary = g_strdup_printf(_("Common name: %s\n\n"
-								  "Fingerprint (SHA1): %s\n\n"
-								  "Activation date: %s\n"
-								  "Expiration date: %s\n"),
-								cn ? cn : "(null)",
-								sha_asc ? sha_asc : "(null)",
-								activ_str ? activ_str : "(null)",
-								expir_str ? expir_str : "(null)");
+	secondary = purple_certificate_get_display_string(crt);
 
 	/* Make a semi-pretty display */
 	purple_notify_info(
@@ -2214,12 +2199,7 @@
 		secondary);
 
 	/* Cleanup */
-	g_free(cn);
 	g_free(secondary);
-	g_free(sha_asc);
-	g_free(activ_str);
-	g_free(expir_str);
-	g_byte_array_free(sha_bin, TRUE);
 }
 
 void purple_certificate_add_ca_search_path(const char *path)

--- a/libpurple/certificate.h	Sun Feb 26 02:59:09 2012 +0000
+++ b/libpurple/certificate.h	Sun Feb 26 03:01:41 2012 +0000
@@ -261,8 +261,16 @@
 	 */
 	GByteArray * (* get_der_data)(PurpleCertificate *crt);
 
+	/**
+	 * Retrieves a string representation of the certificate suitable for display
+	 *
+	 * @param crt   Certificate instance
+	 * @return User-displayable string representation of certificate - must be
+	 *         freed using g_free().
+	 */
+	gchar * (* get_display_string)(PurpleCertificate *crt);
+
 	void (*_purple_reserved1)(void);
-	void (*_purple_reserved2)(void);
 };
 
 /** A set of operations used to provide logic for verifying a Certificate's
@@ -577,6 +585,17 @@
 GByteArray *
 purple_certificate_get_der_data(PurpleCertificate *crt);
 
+/**
+ * Retrieves a string suitable for displaying a certificate to the user.
+ *
+ * @param crt Certificate instance
+ *
+ * @return String representing the certificate that may be displayed to the user
+ *         - must be freed using g_free().
+ */
+char *
+purple_certificate_get_display_string(PurpleCertificate *crt);
+
 /*@}*/
 
 /*****************************************************************************/

--- a/libpurple/plugins/ssl/ssl-gnutls.c	Sun Feb 26 02:59:09 2012 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Sun Feb 26 03:01:41 2012 +0000
@@ -1173,6 +1173,55 @@
 	return data;
 }
 
+static gchar *
+x509_display_string(PurpleCertificate *crt)
+{
+	gchar *sha_asc;
+	GByteArray *sha_bin;
+	gchar *cn;
+	time_t activation, expiration;
+	gchar *activ_str, *expir_str;
+	gchar *text;
+
+	/* Pull out the SHA1 checksum */
+	sha_bin = x509_sha1sum(crt);
+	sha_asc = purple_base16_encode_chunked(sha_bin->data, sha_bin->len);
+
+	/* Get the cert Common Name */
+	/* TODO: Will break on CA certs */
+	cn = x509_common_name(crt);
+
+	/* Get the certificate times */
+	/* TODO: Check the times against localtime */
+	/* TODO: errorcheck? */
+	if (!x509_times(crt, &activation, &expiration)) {
+		purple_debug_error("certificate",
+				   "Failed to get certificate times!\n");
+		activation = expiration = 0;
+	}
+	activ_str = g_strdup(ctime(&activation));
+	expir_str = g_strdup(ctime(&expiration));
+
+	/* Make messages */
+	text = g_strdup_printf(_("Common name: %s\n\n"
+	                         "Fingerprint (SHA1): %s\n\n"
+	                         "Activation date: %s\n"
+	                         "Expiration date: %s\n"),
+	                       cn ? cn : "(null)",
+	                       sha_asc ? sha_asc : "(null)",
+	                       activ_str ? activ_str : "(null)",
+	                       expir_str ? expir_str : "(null)");
+
+	/* Cleanup */
+	g_free(cn);
+	g_free(sha_asc);
+	g_free(activ_str);
+	g_free(expir_str);
+	g_byte_array_free(sha_bin, TRUE);
+
+	return text;
+}
+
 /* X.509 certificate operations provided by this plugin */
 static PurpleCertificateScheme x509_gnutls = {
 	"x509",                          /* Scheme name */
@@ -1190,8 +1239,8 @@
 	x509_times,                      /* Activation/Expiration time */
 	x509_importcerts_from_file,      /* Multiple certificates import function */
 	x509_get_der_data,               /* Binary DER data */
+	x509_display_string,             /* Display representation */
 
-	NULL,
 	NULL
 
 };

--- a/libpurple/plugins/ssl/ssl-nss.c	Sun Feb 26 02:59:09 2012 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Sun Feb 26 03:01:41 2012 +0000
@@ -953,6 +953,55 @@
 	return data;
 }
 
+static gchar *
+x509_display_string(PurpleCertificate *crt)
+{
+	gchar *sha_asc;
+	GByteArray *sha_bin;
+	gchar *cn;
+	time_t activation, expiration;
+	gchar *activ_str, *expir_str;
+	gchar *text;
+
+	/* Pull out the SHA1 checksum */
+	sha_bin = x509_sha1sum(crt);
+	sha_asc = purple_base16_encode_chunked(sha_bin->data, sha_bin->len);
+
+	/* Get the cert Common Name */
+	/* TODO: Will break on CA certs */
+	cn = x509_common_name(crt);
+
+	/* Get the certificate times */
+	/* TODO: Check the times against localtime */
+	/* TODO: errorcheck? */
+	if (!x509_times(crt, &activation, &expiration)) {
+		purple_debug_error("certificate",
+				   "Failed to get certificate times!\n");
+		activation = expiration = 0;
+	}
+	activ_str = g_strdup(ctime(&activation));
+	expir_str = g_strdup(ctime(&expiration));
+
+	/* Make messages */
+	text = g_strdup_printf(_("Common name: %s\n\n"
+	                         "Fingerprint (SHA1): %s\n\n"
+	                         "Activation date: %s\n"
+	                         "Expiration date: %s\n"),
+	                       cn ? cn : "(null)",
+	                       sha_asc ? sha_asc : "(null)",
+	                       activ_str ? activ_str : "(null)",
+	                       expir_str ? expir_str : "(null)");
+
+	/* Cleanup */
+	g_free(cn);
+	g_free(sha_asc);
+	g_free(activ_str);
+	g_free(expir_str);
+	g_byte_array_free(sha_bin, TRUE);
+
+	return text;
+}
+
 static PurpleCertificateScheme x509_nss = {
 	"x509",                          /* Scheme name */
 	N_("X.509 Certificates"),        /* User-visible scheme name */
@@ -969,8 +1018,8 @@
 	x509_times,                      /* Activation/Expiration time */
 	x509_importcerts_from_file,      /* Multiple certificate import function */
 	x509_get_der_data,               /* Binary DER data */
+	x509_display_string,             /* Display representation */
 
-	NULL,
 	NULL
 };