[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem

[James Cloos]

>>>>> "JC" == Joshua C Colp <jcolp at sangoma.com> writes:

JC> To be specific, this is in PJSIP land. There was no insisting or anything
JC> and it wasn't a decision we originally made. It's the way that Teluu
JC> implemented the TLS transport in PJSIP and since we use PJSIP then it
JC> applies to us.

my recall is more likely a bit older than that, before pjsip.

there was a thread either in bugs or on one of the lists.

but as later notes pointed out (and i really ought to have thought of ☹)
it is only relevant, as you noted, if verify is on.

at the time i was a fan on wildcards.

then le came along, and then added dns01 support.

now i prefer a separate cert each plus a 3/1/1 tlsa for each port.

but at the time it was anoying.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6