Description
👋 Hello!
Checklist
- I've searched the issue tracker for similar requests
Apologies if this has already been asked and I didn't notice!
Is your feature request related to a problem? Please describe.
Right now, it looks like it's possible to create a CertifiedKey with inconsistent public and private keys, and there doesn't seem to be any functionality out of the box to check if this is the case.
Describe the solution you'd like
Ideally, I'm looking for a Rustls-compatible equivalent for OpenSSL's X509_check_private_key, which verifies that the given public and private keys are consistent [1]:
DESCRIPTION
X509_check_private_key() function checks the consistency of private key pkey with the public key in cert.
This would be great even if it functions in the same way that X509_check_private_key does:
BUGS
The X509_check_private_key() and X509_REQ_check_private_key() functions do not check if pkey itself is indeed a private key or not. They merely compare the public materials (e.g., exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. So they also return success if pkey is a matching public key.
Describe alternatives you've considered
I suppose I could write something myself that does some ASN.1/DER parsing. I feel like this is useful to have!
An external crate that has this functionality would also be great!
Additional context
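The public-material comparison quoted above can be sketched with a small DER walk, as an added example that is not part of the original issue and is not rustls or OpenSSL code. It assumes both inputs are already unwrapped PKCS#1 structures (RSAPublicKey taken out of the certificate's SubjectPublicKeyInfo, RSAPrivateKey taken out of any PKCS#8 wrapper); the function names and the toy byte strings are constructed for illustration.

```rust
// Added example: std-only DER walk over PKCS#1 RSA structures.
// The byte strings are constructed toy values (n=3233, e=17), not real keys.
const PUBLIC: &[u8] = &[0x30, 0x07, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11];
const OTHER_PUBLIC: &[u8] = &[0x30, 0x07, 0x02, 0x02, 0x0c, 0xa3, 0x02, 0x01, 0x11];
const PRIVATE: &[u8] = &[
    0x30, 0x1d, 0x02, 0x01, 0x00, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11, 0x02, 0x02, 0x0a,
    0xc1, 0x02, 0x01, 0x3d, 0x02, 0x01, 0x35, 0x02, 0x01, 0x35, 0x02, 0x01, 0x31, 0x02, 0x01, 0x26,
];

/// Read one DER TLV and return (tag, value, rest); short and long-form lengths.
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first >= 0x80 {
        let n = (first & 0x7f) as usize;
        if n == 0 || n > 4 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |acc, &b| (acc << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}

/// The two INTEGERs that follow `skip` leading INTEGERs in a top-level SEQUENCE.
fn modulus_and_exponent(der: &[u8], skip: usize) -> Option<Vec<&[u8]>> {
    let (tag, mut body, trailing) = tlv(der)?;
    if tag != 0x30 || !trailing.is_empty() { return None; }
    let mut out = Vec::new();
    for i in 0..skip + 2 {
        let (t, value, rest) = tlv(body)?;
        if t != 0x02 { return None; }
        if i >= skip { out.push(value); }
        body = rest;
    }
    Some(out)
}

/// True when RSAPublicKey {n, e} equals n, e of RSAPrivateKey {version, n, e, d, ...}.
/// Like X509_check_private_key, this compares public material only.
pub fn rsa_public_material_matches(public_der: &[u8], private_der: &[u8]) -> bool {
    let public = modulus_and_exponent(public_der, 0);
    public.is_some() && public == modulus_and_exponent(private_der, 1)
}

fn main() {
    println!("matching pair: {}", rsa_public_material_matches(PUBLIC, PRIVATE));
    println!("mismatched pair: {}", rsa_public_material_matches(OTHER_PUBLIC, PRIVATE));
}
```

Because only the modulus and public exponent are compared, a private key file whose public fields match but whose private exponent is wrong would still pass; a stricter check would sign a test message with the private key and verify it with the certificate's key.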