Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -67,10 +67,23 @@
     sprintf(bp,"%s %2d %02d:%02d:%02d %d%s", mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"");
     return bp;
  err:
     return "Bad time value";
 }
+
+/*
+ * Binary string to hex string
+ */
+int String_to_Hex(char* input, int len, char *output, int max) {
+    int count = 0;
+
+    for (int i = 0; i < len && count < max - 1; i++, count += 2) {
+	sprintf(output + count, "%02X", input[i] & 0xff);
+    }
+    output[count] = 0;
+    return count;
+}
 
 /*
  *------------------------------------------------------*
  *
  *	Tls_NewX509Obj --
@@ -100,17 +113,17 @@
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
     char serial[BUFSIZ];
     char notBefore[BUFSIZ];
     char notAfter[BUFSIZ];
+    char publicKey[BUFSIZ];
     char certStr[CERT_STR_SIZE], *certStr_p;
     int certStr_len, toRead;
     char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
     unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
     char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
     unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
-    const char *shachars="0123456789ABCDEF";
     int nid, pknid, bits, num_of_exts, len;
     uint32_t xflags;
     unsigned char *bstring;
     STACK_OF(GENERAL_NAME) *san;
 
@@ -186,34 +199,31 @@
     /* Version */
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("version", -1));
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewLongObj(X509_get_version(cert)+1));
 
     /* Signature algorithm */
-    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1));
+    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signature", -1));
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(X509_get_signature_nid(cert)),-1));
  
     /* Information about the signature of certificate cert */
     if (X509_get_signature_info(cert, &nid, &pknid, &bits, &xflags) == 1) {
 	ASN1_BIT_STRING *key;
 
-	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("digest", -1));
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signingDigest", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(nid),-1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKeyAlgorithm", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(pknid),-1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags));
 	
-	if (pknid == NID_rsaEncryption || pknid == NID_dsa) {
-	    EVP_PKEY *pkey = X509_get_pubkey(cert);
-	}
-	
-	/* X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public key. */
+	/* Public key - X509_get0_pubkey */
 	key = X509_get0_pubkey_bitstr(cert);
+	len = String_to_Hex(key->data, key->length, publicKey, BUFSIZ);
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1));
-	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)key->data, key->length);
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
 	
 	/* Check if cert was issued by CA cert issuer or self signed */
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
     }
@@ -231,23 +241,17 @@
     bstring = X509_keyid_get0(cert, &len);
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len));
 
     /* SHA1 Fingerprint of cert - DER representation */
     X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len);
-    for (int n = 0; n < SHA_DIGEST_LENGTH; n++) {
-        sha1_hash_ascii[n*2]   = shachars[(sha1_hash_binary[n] & 0xF0) >> 4];
-        sha1_hash_ascii[n*2+1] = shachars[(sha1_hash_binary[n] & 0x0F)];
-    }
+    len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, BUFSIZ);
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
-    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, SHA_DIGEST_LENGTH * 2));
+    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, len));
 
     /* SHA256 Fingerprint of cert - DER representation */
     X509_digest(cert, EVP_sha256(), sha256_hash_binary, &len);
-    for (int n = 0; n < SHA256_DIGEST_LENGTH; n++) {
-	sha256_hash_ascii[n*2]   = shachars[(sha256_hash_binary[n] & 0xF0) >> 4];
-	sha256_hash_ascii[n*2+1] = shachars[(sha256_hash_binary[n] & 0x0F)];
-    }
+    len = String_to_Hex(sha256_hash_binary, len, sha256_hash_ascii, BUFSIZ);
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha256_hash", -1));
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2));
 
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subject", -1));
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( subject, -1));