Until now, Stroke would not do trust anchor checking because there was no suitable way to getting to a default trust store. This patch makes stroke use JDK's default trust store for looking up trust anchors. If it can find the trust anchor in JDK's store, it proceeds to do validy check. If any check fails, an error is set and it is upto the client to decide if client is happy with certificate. Test-information: I tested with with an XMPP client MLC. I got prompted with cert for server whose CA was not in Java Trust Store. After adding the CA to JDK trust store, no prompt was seen I then renewed the certificte with validity = 2 minutes. On doing a connection, MLC prompted me because the certificate was expired even though the CA was in the trust store. Change-Id: Id3fc86d85641f07814ff8621b8bf038cde406063 Reviewer: Nick Hudson <nick.hudson@isode.com> Reviewer: Kevin Smith <kevin.smith@isode.com>