+ /** Check if the certificates form a chain (i.e. root signs intermediate etc.)
+ * and that the private key matches the leaf certificate.
+ * @param if not nullptr, filled in with a reason for vailure (or untouched
+ * if there is no error)
+ * @return true if the chain is valid, false if not.
+ */