Antony Stone
2021-Dec-01 21:54 UTC
[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem
On Wednesday 01 December 2021 at 22:43:47, Kingsley Tart wrote:

> On Wed, 2021-12-01 at 21:49 +0100, Antony Stone wrote:
> >
> > What is the exact "complaint"?
>
> [Nov 29 16:44:08] ERROR[25803] pjproject: tlsc0x7f1c74246778 RFC
> 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your
> SIP provider, please!

So, https://datatracker.ietf.org/doc/html/rfc5922#section-7.2 does seem pretty
clear about this.

"Implementations MUST NOT match any form of wildcard"

Have you contacted the provider who is using a wildcard certificate in this way
and referred them to the RFC?

Antony.

-- 
"Can you keep a secret?"
"Well, I shouldn't really tell you this, but... no."

Please reply to the list; please *don't* CC me.

Kingsley Tart
2021-Dec-02 00:21 UTC
[asterisk-users] PJSIP to Twilio over TLS - wildcard cert problem
On Wed, 2021-12-01 at 22:54 +0100, Antony Stone wrote:

> So, https://datatracker.ietf.org/doc/html/rfc5922#section-7.2 does seem pretty
> clear about this. "Implementations MUST NOT match any form of wildcard"
>
> Have you contacted the provider who is using a wildcard certificate in this way
> and referred them to the RFC?

No I haven't, but if I did I suspect they would take no notice. Twilio is a big
provider who do what they do because they can.

And I can see why they do this, because customers can set up their own SIP
trunks on their system with their unique hostname, so it makes sense for them
to have a wildcard cert, whether in violation of the RFC or not.

-- 
Cheers,
Kingsley.
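
Added example, not part of the thread and not pjproject or Asterisk source: a sketch of whole-name identity matching in the spirit of RFC 5922 section 7.2, next to the left-most-label wildcard matching common for HTTPS, showing why a per-customer wildcard certificate passes one check and fails the other. The function names and the example.com hostnames are assumptions made up for illustration.

```c
/* Added example, not pjproject or Asterisk source. Hostnames are constructed. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* RFC 5922 section 7.2 style: the certificate identity must equal the
 * expected SIP domain in its entirety (case-insensitive). In this sketch an
 * identity containing '*' or starting with '.' never matches anything. */
int sip_identity_matches(const char *cert_id, const char *domain)
{
    if (cert_id[0] == '.' || strchr(cert_id, '*') != NULL)
        return 0;
    return strcasecmp(cert_id, domain) == 0;
}

/* Web-style matching for contrast: "*." may stand in for exactly one
 * left-most label. This is the behaviour a wildcard certificate relies on. */
int web_style_matches(const char *cert_id, const char *host)
{
    if (strncmp(cert_id, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');   /* host minus its first label */
        return rest != NULL && rest != host &&
               strcasecmp(cert_id + 1, rest) == 0;
    }
    return strcasecmp(cert_id, host) == 0;
}

int main(void)
{
    const char *host = "customer1.sip.example.com";   /* constructed */
    const char *ids[] = { "*.sip.example.com", "Customer1.SIP.example.com",
                          "sip.example.com", ".sip.example.com" };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("%-28s rfc5922=%d web=%d\n", ids[i],
               sip_identity_matches(ids[i], host),
               web_style_matches(ids[i], host));
    return 0;
}
```

Only the certificate that names the trunk hostname in full satisfies the strict check; the wildcard entry is accepted solely by the web-style matcher.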