[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem
Adam Caldwell
adam at pr2.net
Wed Dec 1 15:58:31 CST 2021
That particular error does not prevent it from connecting (at least it doesn't in the 18.x I'm using with my own wildcard certs). The problem may be somewhere else -- for example Twilio might require TLS 1.2 or later -- so try adding in
method=tlsv1_2
to you transport configuration. If that doesn't work, you'll want to turn on pjsip debugging (https://www.asterisk.org/debugging-sip-message-traffic-with-pjsip-history/) to see if you can glean something from that.
-Adam
On Wed, Dec 01, 2021 at 09:43:47PM +0000, Kingsley Tart wrote:
> On Wed, 2021-12-01 at 21:49 +0100, Antony Stone wrote:
> > On Wednesday 01 December 2021 at 21:39:52, Kingsley Tart wrote:
> >
> > > Hi,
> > >
> > > I can't get Asterisk to send a SIP call to Twilio over TLS because
> > > it
> > > complains about Twilio's wildcard certificate.
> >
> > What is the exact "complaint"?
> >
> > > Is there a way round this?
> >
> > Maybe, once we know what the error message is :)
>
> Ha, OK, here it is, or rather, several copies of it as I was trying
> various things:
>
> [Nov 29 16:44:08] ERROR[25803] pjproject: tlsc0x7f1c74246778 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Nov 29 16:47:41] ERROR[26205] pjproject: tlsc0x7fb2cc271cd8 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Nov 29 16:54:06] ERROR[26706] pjproject: tlsc0x7f506c257798 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Dec 1 17:11:21] ERROR[27092] pjproject: tlsc0x7fa20c1e9fd8 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Dec 1 17:29:24] ERROR[27934] pjproject: tlsc0x7f7678347ef8 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Dec 1 17:36:11] ERROR[28475] pjproject: tlsc0x7fee2c1d02f8 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
> [Dec 1 17:57:02] ERROR[29731] pjproject: tlsc0x7fd9e80b1be8 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
>
> --
> Cheers,
> Kingsley.
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list