One of the arguments of CERT_VerifyCertificate function is an address of CERTCertificateUsage that is a bit field data type that contains all possible certificate usages. CERT_VerifyCertificate suppose to return all valid cert usages if this address is not equal to NULL. Libpkix does not support this feature.
Note that CERT_VerifyCert does not have the feature either. CERT_VerifyCertificate accomplishes this essentially by performing CERT_VerifyCert in a loop, performing it in its entirety once for each of the requested usages. While that is not the most efficient way to accomplish this task, the "wrapper" version of CERT_VerifyCertificate could do the same as the older version, calling the wrapper version of CERT_VerifyCert in a loop, once for each requested usage, and the result would be equivalent to what CERT_VerifyCertificate does now (in 3.11)
Since this is a wrapper issue, assigning to Alexei
Patch for 390888 will have fix for this bug. Leave this bug open for now.
Re-targeting for later release, as this functionality is needed for CERT_PKIX_VerifyCert API only.