Just checked the RFCs and I'm not sure how to handle this. The RFC 5280 defining certificates specifically refers to RFC1034. (https://tools.ietf.org/html/rfc5280#section-4.2.1.6)
Also, I really don't want to allow any binary string, since there was already at least one known problem with DNS spoofing (null characters).
Is it only the leading letter that bothers you? Would making this regex configurable be enough for your case?
Just checked the RFCs and I'm not sure how to handle this. The RFC 5280 defining certificates specifically refers to RFC1034. (https:/ /tools. ietf.org/ html/rfc5280# section- 4.2.1.6)
Also, I really don't want to allow any binary string, since there was already at least one known problem with DNS spoofing (null characters).
Is it only the leading letter that bothers you? Would making this regex configurable be enough for your case?