[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem

Joshua C. Colp jcolp at sangoma.com
Thu Dec 2 08:29:40 CST 2021

On Thu, Dec 2, 2021 at 10:18 AM James Cloos <cloos at jhcloos.com> wrote:

> >>>>> "KT" == Kingsley Tart <kingsley at dns99.co.uk> writes:
> KT> I can't get Asterisk to send a SIP call to Twilio over TLS
> KT> because it complains about Twilio's wildcard certificate.
> the sip rfc claims that wildcard certs should be invalid for sip.
> digium insisted on following that advise as set in stone, and so
> asterisk refuses such certs.  i doubt that stance is different
> under sangoma.
> the only workaround is to remind twil of the rfc and get them to
> replace the wildcard with an rfc-copliant cert.  at least for the
> sip ports.

To be specific, this is in PJSIP land. There was no insisting or anything
and it wasn't a decision we originally made. It's the way that Teluu
implemented the TLS transport in PJSIP and since we use PJSIP then it
applies to us. If someone contributed a change to Asterisk to make it
configurable in some way, then we'd certainly review it. At this point
though noone has done such a thing.

Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20211202/06d6a95e/attachment.html>

More information about the asterisk-users mailing list