public_key: certificates with empty RDNs in DNs cannot be decoded #10022

@juhlig

Is your feature request related to a problem? Please describe.
In a recent work-related project, we are getting certificates created (with some Java library AFAIK) by an external source. "External" here means that we have no control over how they are created.

Some of those certificates have empty RDNs in their DNs, for example CN=Foo,O=,C=. Such a certificate cannot be decoded with public_key:der_decode and friends and will result in an {asn1, bad_range} error.
Empty RDNs are invalid as far as I understand, and for some like C there are even more restrictions in place, and the decoder contains checks for such cases.
On the other hand, neither Java nor even OpenSSL complain here.

I'm certainly not against enforcing strict rules, but in this case it is a blocker that practically rules out using Erlang for this project.

Describe the solution you'd like
I'm not sure. Removing the checks altogether seems wrong. Maybe an option to der_decode to work "relaxed", i.e., to not check the validity of certain things?
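For triage on the receiving side, the following added example (not code from the issue or from Erlang/OTP) walks a DER-encoded X.501 Name and reports attributes whose value has length zero, the condition described above. It assumes the input is only the issuer or subject Name structure, already extracted from the certificate; the sample bytes are constructed to match the DN `CN=Foo,O=,C=` from the report.

```python
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O"}

def read_tlv(buf, off, end):
    """Parse the DER TLV at buf[off]; return (tag, value_start, value_end)."""
    if off + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:                       # long form: low 7 bits count length octets
        n = first & 0x7F
        if n == 0 or off + n > end:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    else:
        length = first
    if off + length > end:
        raise ValueError("DER value overruns its container")
    return tag, off, off + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each TLV in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        yield tag, vs, ve
        start = ve

def empty_attributes(name_der):
    """Return attribute names (or hex OIDs) whose value has length zero."""
    tag, s, e = read_tlv(name_der, 0, len(name_der))
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rs, re_ in children(name_der, s, e):            # one SET per RDN
        for _, a_s, a_e in children(name_der, rs, re_):    # AttributeTypeAndValue
            (_, os_, oe), (_, vs, ve) = list(children(name_der, a_s, a_e))[:2]
            if vs == ve:                                   # zero-length value
                oid = bytes(name_der[os_:oe])
                found.append(OIDS.get(oid, oid.hex()))
    return found

# Constructed sample: the DN from the issue, in DER order C, O, CN.
SAMPLE_NAME = bytes.fromhex(
    "3024"
    "3109300706035504061300"        # C  = "" (PrintableString, length 0)
    "31093007060355040a0c00"        # O  = "" (UTF8String, length 0)
    "310c300a06035504030c03466f6f"  # CN = "Foo"
)
```
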
