Hi,
I can't get Asterisk to send a SIP call to Twilio over TLS because it
complains about Twilio's wildcard certificate.
This is with Asterisk 18.8.0 and PJSIP 2.10
pjsip show transport shows me this:
allow_reload : false
async_operations : 1
bind
On Wednesday 01 December 2021 at 21:39:52, Kingsley Tart wrote:
> Hi,
>
> I can't get Asterisk to send a SIP call to Twilio over TLS because it
> complains about Twilio's wildcard certificate.
What is the exact "complaint"?
> Is there a way round this?
Maybe, once we know what the error messag
On Wed, 2021-12-01 at 21:49 +0100, Antony Stone wrote:
> On Wednesday 01 December 2021 at 21:39:52, Kingsley Tart wrote:
>
> > Hi,
> >
> > I can't get Asterisk to send a SIP call to Twilio over TLS because
> > it
> > complains about Twilio's wildcard certificate.
>
> What is the exact "complaint
On Wednesday 01 December 2021 at 22:43:47, Kingsley Tart wrote:
> On Wed, 2021-12-01 at 21:49 +0100, Antony Stone wrote:
> >
> > What is the exact "complaint"?
> [Nov 29 16:44:08] ERROR[25803] pjproject: tlsc0x7f1c74246778 RFC
> 5922 (section 7.2) does not allow TLS wildcard certificat
That particular error does not prevent it from connecting (at least it doesn't
in the 18.x I'm using with my own wildcard certs). The problem may be
somewhere else -- for example Twilio might require TLS 1.2 or later -- so try
adding in
method=tlsv1_2
to you transport configuration. If that
On Wed, 2021-12-01 at 22:54 +0100, Antony Stone wrote:
> So, https://datatracker.ietf.org/doc/html/rfc5922#section-7.2 does seem
> pretty
> clear about this. "Implementations MUST NOT match any form of wildcard"
>
> Have you contacted the provider who is using a wildcard certificate in this
>
On 02.12.21 01:21, Kingsley Tart wrote:
No I haven't, but if I did I suspect they would take no notice. Twilio
is a big provider who do what they do because they can.
And I can see why they do this, because customers can set up their own
SIP trunks on their system with their unique hostname, so
