From 48e264a193c0dabdbecbf7774557fbf1cb250653 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Mon, 6 Feb 2017 17:47:17 +0100
Subject: [PATCH] fixed regression #611

---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index a81832f..6d2462b 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -6212,7 +6212,7 @@ certificate_info() {
 
      # Get both CRL and OCSP URL upfront. If there's none, this is not good. And we need to penalize this in the output
      crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \
-           awk '/X509v3 CRL Distribution/{i=14} i&&i--' | awk -F'URI:' '/URI/ { print $2 }')"
+           awk '/X509v3 CRL Distribution/{i=50} i&&i--' | awk '/^$/,/^            [a-zA-Z0-9]+|^    Signature Algorithm:/' | awk -F'URI:' '/URI/ { print $2 }')"
      ocsp_uri=$($OPENSSL x509 -in $HOSTCERT -noout -ocsp_uri 2>>$ERRFILE)
 
      out "$indent"; pr_bold " Certificate Revocation List  "