[8] 8012636: OCSP validation fails even when public key is trusted

Vincent Ryan vincent.x.ryan at oracle.com
Mon Oct 21 21:36:47 UTC 2013


Please review this fix to support key-rollover certs
(same name, different keys):

Bug: https://bugs.openjdk.java.net/browse/JDK-8012636
Webrev: http://cr.openjdk.java.net/~vinnie/8012636/webrev.00/

This issue arises when an OCSP responder replaces its public key
but retains its subject name. The OCSP client must be able to
validate responses signed by both keys.

Thanks.
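
The rollover condition described in this message, as a simplified model added here (not code from the webrev or the JDK): a responder name maps to two trusted keys, and a response signed with the newer key is checked first by a name-only lookup that stops at the first match, then by a lookup that tries every trusted key under that name. `TrustedResponder`, the method names, the subject name and the response bytes are hypothetical; a bare public key stands in for a certificate.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.List;

public class ResponderKeyRollover {
    // Hypothetical stand-in for a trusted responder certificate: subject name plus key.
    record TrustedResponder(String subject, PublicKey key) {}

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Name-only lookup: commits to the first trusted entry whose subject matches.
    static boolean verifyFirstMatch(List<TrustedResponder> trusted, String responderName,
                                    byte[] data, byte[] sig) throws GeneralSecurityException {
        for (TrustedResponder t : trusted) {
            if (t.subject().equals(responderName)) return verify(t.key(), data, sig);
        }
        return false;
    }

    // Rollover-aware lookup: tries every trusted key registered under that subject.
    static boolean verifyAnyMatch(List<TrustedResponder> trusted, String responderName,
                                  byte[] data, byte[] sig) throws GeneralSecurityException {
        for (TrustedResponder t : trusted) {
            if (t.subject().equals(responderName) && verify(t.key(), data, sig)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair oldKey = kpg.generateKeyPair();   // key before rollover
        KeyPair newKey = kpg.generateKeyPair();   // key after rollover, same subject name
        String name = "CN=OCSP Responder, O=Example";   // constructed subject name
        List<TrustedResponder> trusted = List.of(
            new TrustedResponder(name, oldKey.getPublic()),
            new TrustedResponder(name, newKey.getPublic()));
        byte[] response = "constructed response bytes".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(newKey.getPrivate());
        signer.update(response);
        byte[] sig = signer.sign();
        System.out.println("first-match: " + verifyFirstMatch(trusted, name, response, sig));
        System.out.println("any-match:   " + verifyAnyMatch(trusted, name, response, sig));
    }
}
```

The any-match variant still accepts only signatures that verify under a key already in the trusted set; it widens which trusted key is tried, not which keys are trusted.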


