SKI is expected to be always octet wrapped - do not check for length

resolves GH-131

Author: kares

src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java

@@ -231,10 +231,7 @@ public static int checkIfIssuedBy(final X509AuxCertificate issuer,
             if ( sakid.getKeyIdentifier() != null ) {
                 if ( issuer.getExtensionValue("2.5.29.14") != null ) {
                     DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
-                    if ( der.getOctets().length > 20 ) {
-                        der = (DEROctetString) get(der.getOctets());
-                    }
-                    SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(der);
+                    SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
                     if ( iskid.getKeyIdentifier() != null ) {
                         if ( ! Arrays.equals( sakid.getKeyIdentifier(), iskid.getKeyIdentifier() ) ) {
                             return V_ERR_AKID_SKID_MISMATCH;