Please review this fix for a regression that removes the requirement
that a certificate's Authority Key Identifier must match the issuing
certificate's Subject Key Identifier when building a certificate chain.
The certificate chain validation algorithm in RFC 5280 does not require
that the AKID/SKID match.
I have moved the AKID/SKID match into the sorting criteria for building
paths. If they match, it will try that certificate first, but it will
also fallback and search other paths.
A new test has been added to the closed area since it depends on
certificates contributed by the submitter.
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8072463/webrev.00/
--Sean
