I think the existence of forged SSL certs that exploit MD5 collisions means that the possibility of two different valid transactions that hash to the same value isn't impossible. We already know what happens in that case - the code gets confused and can be exploited (we saw it with the coinbase duplication issue).
There is nothing in any of these standards that would prevent me from including 1 gigabit
MPEG movie of me playing with my cat as one of the RDN components of the DN in my certificate
SSL cert signing requests have no consistent structure beyond some very loose guidelines that vary a bit from CA to CA. If you were trying to design a data format that was intentionally vulnerable to hash collision attacks, I doubt you could do a better job.