One of the arguments of CERT_VerifyCertificate function is an address of CERTCertificateUsage that is a bit field data type that contains all possible certificate usages. CERT_VerifyCertificate suppose to return all valid cert usages if this address is not equal to NULL.
Libpkix does not support this feature.
Note that CERT_VerifyCert does not have the feature either.
CERT_VerifyCertificate accomplishes this essentially by performing
CERT_VerifyCert in a loop, performing it in its entirety once for
each of the requested usages.
While that is not the most efficient way to accomplish this task,
the "wrapper" version of CERT_VerifyCertificate could do the same
as the older version, calling the wrapper version of CERT_VerifyCert
in a loop, once for each requested usage, and the result would be
equivalent to what CERT_VerifyCertificate does now (in 3.11)
Since this is a wrapper issue, assigning to Alexei
Patch for 390888 will have fix for this bug. Leave this bug open for now.
Re-targeting for later release, as this functionality is needed for CERT_PKIX_VerifyCert API only.