Please review this fix to support key-rollover certs (same name, different keys):
Bug: https://bugs.openjdk.java.net/browse/JDK-8012636 Webrev: http://cr.openjdk.java.net/~vinnie/8012636/webrev.00/ This issue arises when an OCSP responder replaces its public key but retains its subject name. The OCSP client must be able to validate responses signed by both keys. Thanks.
