[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem
cloos at jhcloos.com
Sun Dec 5 17:31:09 CST 2021
>>>>> "JC" == Joshua C Colp <jcolp at sangoma.com> writes:
JC> To be specific, this is in PJSIP land. There was no insisting or anything
JC> and it wasn't a decision we originally made. It's the way that Teluu
JC> implemented the TLS transport in PJSIP and since we use PJSIP then it
JC> applies to us.
my recall is more likely a bit older than that, before pjsip.
there was a thread either in bugs or on one of the lists.
but as later notes pointed out (and i really ought to have thought of ☹)
it is only relevant, as you noted, if verify is on.
at the time i was a fan on wildcards.
then le came along, and then added dns01 support.
now i prefer a separate cert each plus a 3/1/1 tlsa for each port.
but at the time it was anoying.
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
More information about the asterisk-users