Fix the RFC 5280 validation

[grandamp]

I know the validation is broken, and it's where I've tried micromanage the validation process, along with the use of singletons.

I need to do some research on the latest JDK and see if it's interpretation has improved.

It used to throw exceptions during PKIX/5280 validation when encountering policyConstraint extensions that are not flagged as critical. (A mis-informed interpretation of RFC 5280)