RFR: 8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails [v2]

[Sean Mullan]

> Please review this change which fixes an issue in revocation checking of CRLs. A certificate's CRL Distribution Points extension can contain multiple Distribution Points (DPs), and each DP can contain one or more references to a CRL. These CRL references are typically specified as URLs.
> 
> If there is an issue fetching one of the CRLs (ex: a network error), the JDK implementation saves the exception, but continues to check for other CRLs, and if no other CRLs can be fetched, it throws the exception.  This was working for the case in which multiple CRL references were in the same DP, but not if they were in separate DPs - in that case the exception was thrown immediately and no further CRLs were checked. 
> 
> This also caused inconsistent behavior when the CRL cache was still fresh, as subsequent attempts would skip the CRL with the network issue (while the cache was fresh) and find the other CRLs, until the cache became stale again (30 seconds). The cache is working correctly though. The problem is that the code should continue to check for more CRLs.
> 
> A new test has been added which exercises both cases above.

Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:

  Remove unnecessary module java.base/sun.security.provider.certpath.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/18656/files
  - new: https://git.openjdk.org/jdk/pull/18656/files/b543830b..71838754

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=18656&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18656&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/18656.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18656/head:pull/18656

PR: https://git.openjdk.org/jdk/pull/18656