wildfly-security / wildfly-openssl

Generic OpenSSL bindings for Java
Apache License 2.0

WFSSL-117 google.com certificate is incorrectly identified as RSA giving error "KeyUsage does not allow key encipherment" #140

Open cfredri4 opened 3 months ago

cfredri4 commented 3 months ago

The following code (get google.com) fails:

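        // Imports needed by the snippet
        import java.net.URI;
        import java.net.http.HttpClient;
        import java.net.http.HttpRequest;
        import java.net.http.HttpResponse.BodyHandlers;
        import javax.net.ssl.SSLContext;
        import org.wildfly.openssl.OpenSSLProvider;

        // TLS 1.3 context backed by the OpenSSL provider, with default key and trust managers
        var context = SSLContext.getInstance("TLSv1.3", OpenSSLProvider.INSTANCE);
        context.init(null, null, null);

        var httpClient = HttpClient.newBuilder()
                .sslContext(context)
                .build();

        // The handshake fails during server certificate validation
        httpClient.send(HttpRequest.newBuilder(URI.create("https://www.google.com"))
                .GET()
                .build(), BodyHandlers.ofString());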

Error is thrown:

Caused by: javax.net.ssl.SSLException: error:0A000086:SSL routines::certificate verify failed
        at org.wildfly.openssl.OpenSSLEngine.unwrap(OpenSSLEngine.java:626)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)

Trace log shows:

sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment
        at java.base/sun.security.validator.EndEntityChecker.checkTLSServer(EndEntityChecker.java:273)
        at java.base/sun.security.validator.EndEntityChecker.check(EndEntityChecker.java:149)
        at java.base/sun.security.validator.Validator.validate(Validator.java:269)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:241)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)
        at org.wildfly.openssl.OpenSSLContextSPI.lambda$init$0(OpenSSLContextSPI.java:241)
        at org.wildfly.openssl.SSLImpl.readFromSSL0(Native Method)
        at org.wildfly.openssl.SSLImpl.readFromSSL(SSLImpl.java:153)
        at org.wildfly.openssl.OpenSSLEngine.unwrap(OpenSSLEngine.java:613)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)

The error seems to be in OpenSSLContextSPI, which incorrectly determines the google.com certificate to be RSA, but it is in fact EC, and EC certificates do not require key encipherment for TLS.
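
A diagnostic for the mismatch reported above, added here as an example and not part of the issue or of wildfly-openssl: a delegating trust manager that logs the authType it is handed next to the leaf certificate's key algorithm and KeyUsage bits, then leaves the decision to the JDK default trust manager. The class name, the RSA_LEAF set and the sample values in main are assumptions of this example.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.*;

// Added diagnostic, not wildfly-openssl code; the class name is hypothetical.
public final class AuthTypeAuditTrustManager extends X509ExtendedTrustManager {
    // authType values whose leaf certificate is expected to carry an RSA key (assumed list).
    private static final Set<String> RSA_LEAF = Set.of("RSA", "RSA_EXPORT", "DHE_RSA", "ECDHE_RSA");
    private final X509ExtendedTrustManager delegate;

    public AuthTypeAuditTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK default trust store
        X509ExtendedTrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509ExtendedTrustManager) found = (X509ExtendedTrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509ExtendedTrustManager");
        delegate = found;
    }

    // One-line summary; flags an RSA authType paired with a non-RSA leaf key.
    static String describe(String authType, String keyAlg, boolean[] ku) {
        String usage = ku == null ? "absent" // certificate has no KeyUsage extension
                : "digitalSignature=" + ku[0] + ",keyEncipherment=" + ku[2];
        boolean mismatch = authType != null && RSA_LEAF.contains(authType) && !"RSA".equals(keyAlg);
        return "authType=" + authType + " leafKey=" + keyAlg + " keyUsage[" + usage + "]"
                + (mismatch ? " MISMATCH" : "");
    }

    private static void audit(X509Certificate[] c, String a) {
        if (c != null && c.length > 0)
            System.err.println(describe(a, c[0].getPublicKey().getAlgorithm(), c[0].getKeyUsage()));
    }

    // Server-side checks are logged first, then validated unchanged by the delegate.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { audit(c, a); delegate.checkServerTrusted(c, a); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { audit(c, a); delegate.checkServerTrusted(c, a, s); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { audit(c, a); delegate.checkServerTrusted(c, a, e); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { delegate.checkClientTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { delegate.checkClientTrusted(c, a, e); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    public static void main(String[] args) {
        // Constructed input: an EC leaf whose KeyUsage asserts digitalSignature only.
        boolean[] ku = {true, false, false, false, false, false, false, false, false};
        System.out.println(describe("RSA", "EC", ku));         // flagged as MISMATCH
        System.out.println(describe("ECDHE_ECDSA", "EC", ku)); // consistent
    }
}
```

To use it against a live handshake, pass `new TrustManager[] { new AuthTypeAuditTrustManager() }` as the second argument of `context.init`; this assumes the provider forwards its authType to a caller-supplied trust manager the same way the trace shows it doing for the default one.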