diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs
index a0da2069af4b8e6d35daa7a8fb176e4a91c7d2a9..d9f4aae417ff3e0338e0de851503538422b3641b 100644
--- a/openssl-sys/src/x509.rs
+++ b/openssl-sys/src/x509.rs
@@ -241,6 +241,7 @@ extern "C" {
     pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION)
         -> c_int;
     pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
+    pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int;
     #[cfg(any(ossl110, libressl273))]
     pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME;
     #[cfg(any(ossl110, libressl273))]
diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs
index d355a54966bc504ad78c17a74f195f5f9ef209df..dc936c4ce9d03ca129e80d05775f3bcf59e08648 100644
--- a/openssl-sys/src/x509v3.rs
+++ b/openssl-sys/src/x509v3.rs
@@ -76,6 +76,7 @@ cfg_if! {
 
 extern "C" {
     pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int;
+    pub fn X509_verify(req: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
 
     pub fn X509V3_set_nconf(ctx: *mut X509V3_CTX, conf: *mut CONF);
 
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 255df6e02a7f7a7b45c48cd29a1024bc7c49cb99..f156269f2da676de5554c5c8e9d9c0a95468876e 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -531,6 +531,23 @@ impl X509Ref {
         }
     }
 
+    /// Check if the certificate is signed using the given public key.
+    ///
+    /// Only the signature is checked: no other checks (such as certificate chain validity)
+    /// are performed.
+    ///
+    /// Returns `true` if verification succeeds.
+    ///
+    /// This corresponds to [`X509_verify"].
+    ///
+    /// [`X509_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html
+    pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>
+    where
+        T: HasPublic,
+    {
+        unsafe { cvt_n(ffi::X509_verify(self.as_ptr(), key.as_ptr())).map(|n| n != 0) }
+    }
+
     /// Returns this certificate's serial number.
     ///
     /// This corresponds to [`X509_get_serialNumber`].
@@ -1128,6 +1145,20 @@ impl X509ReqRef {
         }
     }
 
+    /// Check if the certificate request is signed using the given public key.
+    ///
+    /// Returns `true` if verification succeeds.
+    ///
+    /// This corresponds to [`X509_REQ_verify"].
+    ///
+    /// [`X509_REQ_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_verify.html
+    pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>
+    where
+        T: HasPublic,
+    {
+        unsafe { cvt_n(ffi::X509_REQ_verify(self.as_ptr(), key.as_ptr())).map(|n| n != 0) }
+    }
+
     /// Returns the extensions of the certificate request.
     ///
     /// This corresponds to [`X509_REQ_get_extensions"]
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 5d64ecc3f87f56428d2bc4ff985fd2fb2b89581a..4bd3e5f3e7fc115d8920599e9707684a7f7a0af6 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -225,6 +225,7 @@ fn x509_builder() {
     let x509 = builder.build();
 
     assert!(pkey.public_eq(&x509.public_key().unwrap()));
+    assert!(x509.verify(&pkey).unwrap());
 
     let cn = x509
         .subject_name()
@@ -268,6 +269,7 @@ fn x509_req_builder() {
     let req = builder.build();
     assert!(req.public_key().unwrap().public_eq(&pkey));
     assert_eq!(req.extensions().unwrap().len(), extensions.len());
+    assert!(req.verify(&pkey).unwrap());
 }
 
 #[test]