gitlab pages: dots in subdomain break tls, need to sanitize periods (.) to hyphens (-) in pages subdomain
Summary
when a namespace contains a period within it, the subdomain portion of the gitlab-pages domain gets a period injected into it, which conflicts with ssl/tls certificate wildcard machinery
Steps to reproduce
1. enable tls on gitlab pages, example "pages.example.org"
2. create a user with a dot in the username, example "foo.bar"
3. set up an example gitlab-pages build
4. build the gitlab pages (gitlab runner required)
5. visit the gitlab pages url with tls "foo.bar.pages.example.org"
6. note that tls certificate issued for "*.pages.example.org" is invalid for "*.*.pages.example.org"

I would have issued a certificate for the double wildcard, however it's common for public tls authorities to forbid double wildcard certificates or tls SANs
Example Project
$ http https://examplefoo.bar.gitlab.io/gitlab-pages-test/
http: error: ConnectionError: HTTPSConnectionPool(host='examplefoo.bar.gitlab.io', port=443): Max retries exceeded with url: /gitlab-pages-test/ (Caused by SSLError(CertificateError("hostname 'examplefoo.bar.gitlab.io' doesn't match either of '*.gitlab.io', 'gitlab.io'",),))
What is the current bug behavior?
dots are injected into dns subdomains, which is incompatible with tls
What is the expected correct behavior?
dots should be sanitized (possibly to a hyphen) in subdomain parts, making dotted namespaces compatible with gitlab pages in a current tls deployment
Output of checks
This bug happens on GitLab.com
Possible fixes
if I knew I would suggest a fix, the codebase is too vast for me to identify this at a glance
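
An added example, not part of the original issue and not GitLab's code: a Ruby sketch of why the certificate check in the report fails and what hyphen sanitization would change. The function names are hypothetical, matching follows the usual single-label wildcard rule (RFC 6125), and the collision check assumes that both `foo.bar` and `foo-bar` can exist as namespaces.

```ruby
# Added illustration, not GitLab code; all function names are hypothetical.

# Wildcard matching as TLS clients apply it (RFC 6125): "*" standing as the
# whole left-most label covers exactly one DNS label, never a dot.
def wildcard_match?(pattern, host)
  p_labels = pattern.downcase.split(".")
  h_labels = host.downcase.chomp(".").split(".")
  return false unless p_labels.length == h_labels.length

  p_labels.each_with_index.all? do |label, i|
    if i.zero? && label == "*"
      !h_labels[i].empty?
    else
      label == h_labels[i]
    end
  end
end

# The sanitization the issue asks for: periods become hyphens.
def pages_label(namespace)
  namespace.downcase.tr(".", "-")
end

def pages_host(namespace, pages_domain, sanitize:)
  label = sanitize ? pages_label(namespace) : namespace.downcase
  "#{label}.#{pages_domain}"
end

# Caveat: sanitizing is lossy. Distinct namespaces can map to one hostname,
# so uniqueness has to be enforced on the sanitized label.
def label_collisions(namespaces)
  namespaces.group_by { |n| pages_label(n) }.select { |_, ns| ns.length > 1 }
end

if __FILE__ == $PROGRAM_NAME
  cert = "*.pages.example.org" # certificate name from the report
  [false, true].each do |sanitize|
    host = pages_host("foo.bar", "pages.example.org", sanitize: sanitize)
    puts "#{host}: matches #{cert}? #{wildcard_match?(cert, host)}"
  end
  # Constructed sample namespaces
  p label_collisions(%w[foo.bar foo-bar baz])
end
```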