--- a/libpurple/plugins/ssl/ssl-nss.c	Thu Sep 13 03:44:47 2007 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Thu Sep 13 04:27:46 2007 +0000
@@ -24,6 +24,7 @@
 #include "certificate.h"
 #include "plugin.h"
 #include "sslconn.h"
+#include "util.h"
 #include "version.h"
 
 #define SSL_NSS_PLUGIN_ID "ssl-nss"
@@ -34,6 +35,7 @@
 
 #include <nspr.h>
 #include <nss.h>
+#include <nssb64.h>
 #include <pk11func.h>
 #include <prio.h>
 #include <secerr.h>
@@ -454,11 +456,48 @@
  *
  * @return TRUE if success, otherwise FALSE
  */
+/* This function should not be so complicated, but NSS doesn't seem to have a
+   "convert yon certificate to PEM format" function. */
 static gboolean
 x509_export_certificate(const gchar *filename, PurpleCertificate *crt)
 {
-	/* TODO: WRITEME */
-	return FALSE;
+	CERTCertificate *crt_dat;
+	SECItem *dercrt;
+	gchar *b64crt;
+	gchar *pemcrt;
+	gboolean ret = FALSE;
+
+	g_return_val_if_fail(filename, FALSE);
+	g_return_val_if_fail(crt, FALSE);
+	g_return_val_if_fail(crt->scheme == &x509_nss, FALSE);
+
+	crt_dat = X509_NSS_DATA(crt);
+	g_return_val_if_fail(crt_dat, FALSE);
+
+	purple_debug_info("nss/x509",
+			  "Exporting certificate to %s\n", filename);
+	
+	/* First, use NSS voodoo to create a DER-formatted certificate */
+	dercrt = SEC_ASN1EncodeItem(NULL, NULL, crt_dat,
+				    SEC_ASN1_GET(SEC_SignedCertificateTemplate));
+	g_return_val_if_fail(dercrt != NULL, FALSE);
+
+	/* Now encode it to b64 */
+	b64crt = NSSBase64_EncodeItem(NULL, NULL, 0, dercrt);
+	SECITEM_FreeItem(dercrt, PR_TRUE);
+	g_return_val_if_fail(b64crt, FALSE);
+
+	/* Wrap it in nice PEM header things */
+	pemcrt = g_strdup_printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", b64crt);
+	PORT_Free(b64crt); /* Notice that b64crt was allocated by an NSS
+			      function; hence, we'll let NSPR free it. */
+
+	/* Finally, dump the silly thing to a file. */
+	ret =  purple_util_write_data_to_file_absolute(filename, pemcrt, -1);
+
+	g_free(pemcrt);
+	
+	return ret;
 }
 
 static PurpleCertificate *