CRL can be configured by distribution point extension in certificates. To allow such case we have to set empty certificate-revocation-lists, which works as expected. However, in case we set empty certificate-revocation-list (the attribute from the initial implementation, also valid configuration), maximum-cert-path is not taken into account, no warning for a user. Also setting just certificate-revocation-list.maximum-cert-path cannot be used and results in NullPointerException.

The issue was probably introduced with the certificate-revocation-lists feature.