diff --git a/ssl/ssl.h b/ssl/ssl.h
index 198efc689..97e87d495 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -371,6 +371,15 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
  */
 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
 
+/**
+ * @brief Check if certificate fingerprint (SHA1) matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA1 fingerprint to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
+
 /**
  * @brief Retrieve an X.509 distinguished name component.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index a5b9f014f..c2895ea5f 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1887,6 +1887,15 @@ error:
     return ret;
 }
 
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
+{
+    uint8_t cert_fp[SHA1_SIZE];
+    X509_CTX* x509 = ssl->x509_ctx;
+
+    bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
+    return memcmp(cert_fp, fp, SHA1_SIZE);
+}
+
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /**
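Review bot: The `@return` line of the new ssl_match_fingerprint declaration does not describe what the tls1.c implementation returns: it hands back the raw memcmp() result, so callers get 0 on a byte-exact match and an arbitrary non-zero value otherwise, and no certificate verification is performed by this call. The comment should also state that `fp` must point to at least SHA1_SIZE bytes, since the implementation reads exactly that many. Suggested wording: `@param fp [in] SHA1 fingerprint to match against; must point to at least SHA1_SIZE bytes` and `@return 0 if the peer certificate's SHA1 fingerprint equals fp, non-zero otherwise. This only compares fingerprints and does not validate the chain; use ssl_verify_cert() for that.`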
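Review bot: ssl_match_fingerprint dereferences `ssl->x509_ctx` and then `x509->rsa_ctx->bi_ctx` without checking either pointer, so calling it on a connection where no peer certificate has been received (or before the handshake completed) will dereference NULL; a guard such as `if (x509 == NULL || x509->rsa_ctx == NULL || fp == NULL) return SSL_NOT_OK;` (or whichever non-zero code this module uses for "no certificate") is needed before the bi_export() line. The comparison itself is done with memcmp(), whose early exit makes the result timing-dependent on the first differing byte; for a pinned-value check the usual practice is a constant-time byte-wise compare (XOR-accumulate over SHA1_SIZE bytes) and then mapping the accumulator to 0 / non-zero, which would also make the return value consistent with the header's SSL_OK wording. Note too that the definition sits under `#endif /* CONFIG_SSL_CERT_VERIFICATION */` while the declaration added in ssl/ssl.h appears unconditional; if that header hunk is not under the same guard, builds without certificate verification will declare but never define the symbol.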