Please review the fix at http://cr.openjdk.java.net/~weijun/8242184/webrev.00/
The major change is inside X509CRLImpl.java to allow params setting and reading. I also take this chance to: 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss". 2. Revert a former change in X509CertImpl.java, which might be a safer call. Thanks, Max