SIP/TLS and SAN certificate

I’m curious if it will be possible to avoid using tlsdontverifyserver=yes in the following situation (currently it works with ‘yes’).

Asterisk is acting as a TLS-client to a SIP-provider who is using a SAN (Subject Alt Name) Certificate.

So, in the trunk configuration there is a “” statement.
In the provider’s certificate Subject is set to but in Subject Alternative Name both and are listed as “DNS Name”.

I was thinking about storing provider’s certificate locally on the Asterisk server, but this seems to be a dead end.
Any ideas?