gitlab pages: dots in subdomain break tls, need to sanitize periods (.) to hypens (-) in pages subdomain

Summary

when a namespace contains a period within it, the sudomain portion of the gitlab-pages domain gets a period injected into it, which conflicts with ssl/tls certificate wildcard machinery

Steps to reproduce

enable tls on gitlab pages, example "pages.example.org" create a user with a dot in the username, example "foo.bar" setup an example gitlab-pages build build the gitlab pages (gitlab runner required) visit the gitlab pages url with tls "foo.bar.pages.example.org" note that tls certificate issued for ".pages.example.org" is invalid for ".*.pages.example.org"

I would have issued a certificate for the double wildcard, however its common for public tls authorities to forbid double wildcard certificates or tls SANs

Example Project

$ http https://examplefoo.bar.gitlab.io/gitlab-pages-test/

http: error: ConnectionError: HTTPSConnectionPool(host='examplefoo.bar.gitlab.io', port=443): Max retries exceeded with url: /gitlab-pages-test/ (Caused by SSLError(CertificateError("hostname 'examplefoo.bar.gitlab.io' doesn't match either of '*.gitlab.io', 'gitlab.io'",),))

What is the current bug behavior?

dots are injected into dns subdomains, which is incompatible with tls

What is the expected correct behavior?

dots should be sanitized (possibly to a hyphen) in subdomain parts, making dotted namespaces compatible with gitlab pages in a current tls deployment

Output of checks

This bug happens on GitLab.com

Possible fixes

if I knew I would suggest a fix, the codebase is too vast for me to identify this at a glance