diff --git a/Data/X509/Validation.hs b/Data/X509/Validation.hs
--- a/Data/X509/Validation.hs
+++ b/Data/X509/Validation.hs
@@ -16,6 +16,7 @@
     , defaultChecks
     , validate
     , validateWith
+    , getFingerprint
     ) where
 
 import Control.Applicative
@@ -23,6 +24,7 @@
 import Data.X509
 import Data.X509.CertificateStore
 import Data.X509.Validation.Signature
+import Data.X509.Validation.Fingerprint
 import Data.Time.Clock
 import Data.Maybe
 import Data.List
@@ -44,13 +46,17 @@
     | EmptyChain               -- ^ empty chain of certificate
     deriving (Show,Eq)
 
+-- | A set of checks to activate or parametrize to perform on certificates.
+--
+-- It's recommended to use 'defaultChecks' to create the structure,
+-- to better cope with future changes or expansion of the structure.
 data Checks = Checks
     {
     -- | check time validity of every certificate in the chain.
     -- the make sure that current time is between each validity bounds
     -- in the certificate
       checkTimeValidity   :: Bool
-    -- | Check that no certificate is included that doesn't
+    -- | Check that no certificate is included that shouldn't be included.
     -- unfortunately despite the specification violation, a lots of
     -- real world server serves useless and usually old certificates
     -- that are not relevant to the certificate sent, in their chain.
@@ -105,7 +111,7 @@
             -- check if we have a trusted certificate in the store belonging to this issuer.
             return r |> (case findCertificate (certIssuerDN cert) store of
                 Just trustedSignedCert      -> return $ checkSignature current trustedSignedCert
-                Nothing | isSelfSigned cert -> return [SelfSigned]
+                Nothing | isSelfSigned cert -> return [SelfSigned] |> return (checkSignature current current)
                         | null chain        -> return [UnknownCA]
                         | otherwise         ->
                             case findIssuer (certIssuerDN cert) chain of
diff --git a/Data/X509/Validation/Fingerprint.hs b/Data/X509/Validation/Fingerprint.hs
new file mode 100644
--- /dev/null
+++ b/Data/X509/Validation/Fingerprint.hs
@@ -0,0 +1,36 @@
+-- |
+-- Module      : Data.X509.Validation.Fingerprint
+-- License     : BSD-style
+-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
+-- Stability   : experimental
+-- Portability : unknown
+--
+module Data.X509.Validation.Fingerprint
+    ( getFingerprint
+    , toDescr
+    ) where
+
+import Crypto.PubKey.HashDescr
+import Data.X509
+import Data.ASN1.Types
+import Data.ByteString (ByteString)
+
+-- | Get the fingerprint of the whole signed object
+-- using the hashing algorithm specified
+getFingerprint :: (Show a, Eq a, ASN1Object a)
+               => SignedExact a -- ^ object to fingerprint
+               -> HashALG       -- ^ algorithm to compute the fingerprint
+               -> ByteString    -- ^ fingerprint in binary form
+getFingerprint sobj halg = hashF $ encodeSignedObject sobj
+  where hashDescr = toDescr halg
+        hashF     = hashFunction hashDescr
+
+-- | Convert a hash algorithm into a Hash Description
+toDescr :: HashALG -> HashDescr
+toDescr HashMD2    = hashDescrMD2
+toDescr HashMD5    = hashDescrMD5
+toDescr HashSHA1   = hashDescrSHA1
+toDescr HashSHA224 = hashDescrSHA224
+toDescr HashSHA256 = hashDescrSHA256
+toDescr HashSHA384 = hashDescrSHA384
+toDescr HashSHA512 = hashDescrSHA512
diff --git a/Data/X509/Validation/Signature.hs b/Data/X509/Validation/Signature.hs
--- a/Data/X509/Validation/Signature.hs
+++ b/Data/X509/Validation/Signature.hs
@@ -16,11 +16,13 @@
 import qualified Crypto.PubKey.RSA.PKCS15 as RSA
 import qualified Crypto.PubKey.DSA as DSA
 import qualified Crypto.Hash.SHA1 as SHA1
-import Crypto.PubKey.HashDescr
 
 import Data.ByteString (ByteString)
 import Data.X509
+import Data.X509.Validation.Fingerprint
 import Data.ASN1.Types
+import Data.ASN1.Encoding
+import Data.ASN1.BinaryEncoding
 
 -- | A set of possible return from signature verification.
 --
@@ -37,7 +39,10 @@
     deriving (Show,Eq)
 
 -- | Verify a Signed object against a specified public key
-verifySignedSignature :: (Eq a, ASN1Object a) => SignedExact a -> PubKey -> SignatureVerification
+verifySignedSignature :: (Show a, Eq a, ASN1Object a)
+                      => SignedExact a
+                      -> PubKey
+                      -> SignatureVerification
 verifySignedSignature signedObj pubKey =
     verifySignature (signedAlg signed)
                     pubKey
@@ -60,19 +65,19 @@
                                                             else SignatureFailed
     | otherwise                       = SignaturePubkeyMismatch
   where
-        toDescr HashMD2    = hashDescrMD2
-        toDescr HashMD5    = hashDescrMD5
-        toDescr HashSHA1   = hashDescrSHA1
-        toDescr HashSHA224 = hashDescrSHA224
-        toDescr HashSHA256 = hashDescrSHA256
-        toDescr HashSHA384 = hashDescrSHA384
-        toDescr HashSHA512 = hashDescrSHA512
 
         verifyF (PubKeyRSA key) = Just $ RSA.verify (toDescr hashALG) key
         verifyF (PubKeyDSA key)
-            | hashALG == HashSHA1 && False = Just $ \a -> DSA.verify SHA1.hash key (dsaToSignature a)
+            | hashALG == HashSHA1 = Just $ \a b -> case dsaToSignature a of
+                                                    Nothing     -> False
+                                                    Just dsaSig -> DSA.verify SHA1.hash key dsaSig b
             | otherwise           = Nothing
         verifyF _ = Nothing
 
-        -- TODO : need to work out how to get R/S from the bytestring
-        dsaToSignature _ = DSA.Signature 0 0
+        dsaToSignature :: ByteString -> Maybe DSA.Signature
+        dsaToSignature b =
+            case decodeASN1' BER b of
+                Left _     -> Nothing
+                Right asn1 -> case fromASN1 asn1 of
+                                Left _            -> Nothing
+                                Right (dsaSig, _) -> Just dsaSig
diff --git a/x509-validation.cabal b/x509-validation.cabal
--- a/x509-validation.cabal
+++ b/x509-validation.cabal
@@ -1,5 +1,5 @@
 Name:                x509-validation
-Version:             1.4.1
+Version:             1.4.2
 Description:         X.509 Certificate and CRL validation
 License:             BSD3
 License-file:        LICENSE
@@ -19,7 +19,8 @@
                    , mtl
                    , pem >= 0.1 && < 0.2
                    , asn1-types
-                   , x509
+                   , asn1-encoding
+                   , x509 >= 1.4.2
                    , x509-store
                    , crypto-pubkey >= 0.1.4
                    , crypto-pubkey-types >= 0.4.0
@@ -31,6 +32,7 @@
                    , time
   Exposed-modules:   Data.X509.Validation
   Other-modules:     Data.X509.Validation.Signature
+                     Data.X509.Validation.Fingerprint
   ghc-options:       -Wall
 
 source-repository head
