SIP/TLS and SAN certificate

I’m curious if it will be possible to avoid using tlsdontverifyserver=yes in the following situation (currently it works with ‘yes’).

Asterisk is acting as a TLS-client to a SIP-provider who is using a SAN (Subject Alt Name) Certificate.

So, in the trunk configuration there is a “host=example.com” statement.
In the provider’s certificate Subject is set to www.example.com but in Subject Alternative Name both www.example.com and example.com are listed as “DNS Name”.

I was thinking about storing provider’s certificate locally on the Asterisk server, but this seems to be a dead end.
Any ideas?