In order to securely connect to our provider's SIP Trunk (Twilio) we have to enable the `verify_server=no` option. This works but we get this in the logs:

    [Feb 19 14:17:11] ERROR[25337]: pjproject:0 <?>: tlsc0x7f3b0c02 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!

Our provider has apparently already been advised because they mention this in their guide:

> Note, you will see the following entries in your log file and the Asterisk CLI. Twilio uses wild
> card certificates. Even though this log entry appears, it will not impact call processing if verify
> server is set to no.
>
> ERROR[3857]: pjproject:0 <?>: tlsc0x7f5b6033cd38 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!

So we do not expect them to change their wildcard policy any time soon.

Is there any chance to consider adding an `allow_wildcard_certs=yes` option in the pjsip configuration? This should be preferable, security-wise, to blindly trusting certificates.

References
---------------

* https://trac.pjsip.org/repos/changeset/4882/pjproject/trunk/pjsip/src/pjsip
* https://www.twilio.com/docs/documents/61/TwilioElasticSIPTrunking-AsteriskPBX-Configuration-Guide-Version2-1-FINAL-09012018.pdf
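The difference between the two settings discussed in the message above, as an added sketch that is not part of the original post and is not pjsip or Asterisk code: it compares peer-name acceptance with verification off, with strict matching that rejects wildcard entries, and with a single-label wildcard allowed. The policy names, function names and hostnames are hypothetical, and the certificate chain is assumed to have validated already, so only name matching is shown.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy names for this sketch; not pjsip or Asterisk identifiers. */
enum verify_policy { VERIFY_OFF, VERIFY_STRICT, VERIFY_ALLOW_WILDCARD };

/* Case-insensitive equality for DNS names. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Match one certificate name against the host we intended to reach. */
static int name_matches(const char *cert_name, const char *host, int allow_wildcard)
{
    if (strncmp(cert_name, "*.", 2) != 0)
        return ieq(cert_name, host);          /* ordinary name: exact match */
    if (!allow_wildcard)
        return 0;                             /* strict: wildcard entries never match */
    const char *suffix = cert_name + 1;       /* e.g. ".example.test" */
    const char *dot = strchr(host, '.');      /* end of the host's leftmost label */
    if (dot == NULL || dot == host || strchr(suffix + 1, '.') == NULL)
        return 0;                             /* also refuses broad names like "*.test" */
    return ieq(dot, suffix);                  /* "*" covers exactly one label */
}

/* Returns 1 if the peer's certificate names are accepted for host. */
int peer_accepted(const char *const *names, int n, const char *host, enum verify_policy p)
{
    if (p == VERIFY_OFF)
        return 1;                             /* name never checked: anything passes */
    for (int i = 0; i < n; i++)
        if (name_matches(names[i], host, p == VERIFY_ALLOW_WILDCARD))
            return 1;
    return 0;
}

int main(void)
{
    const char *const names[] = { "*.example.test" };   /* constructed sample */
    printf("%d %d\n", peer_accepted(names, 1, "other.invalid", VERIFY_ALLOW_WILDCARD),
           peer_accepted(names, 1, "other.invalid", VERIFY_OFF));
    return 0;
}
```

With the wildcard policy the certificate is still bound to one label under the expected domain, while the verification-off policy accepts the same certificate for an unrelated host.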