[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem

Kingsley Tart kingsley at dns99.co.uk
Wed Dec 1 18:21:24 CST 2021

On Wed, 2021-12-01 at 22:54 +0100, Antony Stone wrote:
> So, https://datatracker.ietf.org/doc/html/rfc5922#section-7.2 does seem pretty 
> clear about this.  "Implementations MUST NOT match any form of wildcard"
> Have you contacted the provider who is using a wildcard certificate in this way 
> and referred them to the RFC?

No, I haven't, but if I did I suspect they would take no notice. Twilio
is a big provider who do what they do because they can.

And I can see why they do this, because customers can set up their own
SIP trunks on their system with their unique hostname, so it makes
sense for them to have a wildcard cert, whether in violation of the RFC
or not.
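
The mismatch discussed in this thread, as an added example that is not part of the original post: a strict matcher following the quoted RFC 5922 rule, next to the left-most-label wildcard matching that HTTPS clients commonly apply. All hostnames and function names are constructed for illustration.

```python
# Added illustration: names below are constructed, not taken from the thread.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name and split it into labels (trailing dot ignored)."""
    return name.rstrip(".").lower().split(".")


def match_rfc5922(cert_name: str, sip_domain: str) -> bool:
    """Strict comparison following the rule quoted from RFC 5922 section 7.2:
    whole-value, case-insensitive, and '*' has no special meaning."""
    return _labels(cert_name) == _labels(sip_domain)


def match_wildcard(cert_name: str, sip_domain: str) -> bool:
    """Left-most-label wildcard matching as HTTPS clients commonly do it
    (shown for contrast; '*' stands for exactly one label)."""
    cert, host = _labels(cert_name), _labels(sip_domain)
    if cert[0] != "*":
        return cert == host
    # The wildcard covers one label only and needs at least two labels after it.
    return len(cert) == len(host) and len(cert) > 2 and cert[1:] == host[1:]


def verify(sip_domain: str, cert_names: list[str], allow_wildcard: bool) -> bool:
    """Return True if any certificate identity is acceptable for sip_domain."""
    matcher = match_wildcard if allow_wildcard else match_rfc5922
    return any(matcher(n, sip_domain) for n in cert_names)


if __name__ == "__main__":
    # Constructed sample: a provider certificate carrying only a wildcard DNS
    # identity, and a customer trunk reached under its own unique hostname.
    cert_names = ["*.trunks.example.net"]
    trunk = "acme.trunks.example.net"
    print("strict (RFC 5922):", verify(trunk, cert_names, allow_wildcard=False))
    print("wildcard allowed: ", verify(trunk, cert_names, allow_wildcard=True))
```

A client that follows the quoted rule rejects the per-customer hostname even though the certificate chain itself may be valid, which is the failure the subject line describes.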


