Here I attach a patch adding a new function for getting the key_id from a certificate signing request, so you can test if a given private key corresponds to a given CSR.
It's based closely to the gnutls_x509_crt_get_key_id function.
Please, revise it and, if seems ok, add to the repository.