We are running Asterisk 13.15.0 and PJSIP version 2.7. We are successfully establishing secure calls using the Twilio Elastic SIP trunking platform (TLS handshake, SRTP) with good audio, but after 32 seconds the call is dropped as follows:
[Nov 14 16:51:56] ERROR[1447] pjproject: tlsc0xb4b3bcb4 RFC 5922 (section 7.2) does not allow TLS wildcard certificates. Advise your SIP provider, please!
[Nov 14 16:51:56] DEBUG[1447] res_pjsip/pjsip_transport_events.c: Reliable transport 'tlsc0xb4b3bcb4' state:CONNECTED
[Nov 14 16:51:56] DEBUG[1447] res_pjsip/pjsip_distributor.c: Searching for serializer associated with dialog dlg0x9b99d44 for Response msg 200/BYE/cseq=30106 (rdata0xb4b3be7c)
[Nov 14 16:51:56] DEBUG[1447] res_pjsip/pjsip_distributor.c: Found serializer pjsip/distributor-00000033 associated with dialog dlg0x9b99d44
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: Source of transaction state change is RX_MSG
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: Received response
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: Response is 200 OK
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: Received response
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: Response is 200 OK
[Nov 14 16:51:56] DEBUG[3232] res_pjsip_session.c: BYE received final response code 200
My understanding is that Twilio uses wildcard certificates because each SIP trunking account is given a subdomain (example.pstn.twilio.com) as the account’s interface at Twilio for outgoing secure SIP calls to the PSTN. It is unlikely that they will change their design to stop using the wildcard certificates.
We want to use the PJSIP stack for our secure calls through Twilio. I would like to know of any successful fixes for this wildcard problem.
Thank you!
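
The rule cited in the log line above (RFC 5922 section 7.2) set beside web-style wildcard matching, as an added example that is not part of the original post and is not PJSIP or Asterisk code. `SAMPLE_CERT` is a constructed certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, only dNSName entries are considered, and the function names are hypothetical.

```python
# Added illustration; not PJSIP or Asterisk code.
# SAMPLE_CERT is constructed (getpeercert() dict shape); it is not the
# provider's real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.pstn.twilio.com"),),),
    "subjectAltName": (
        ("DNS", "*.pstn.twilio.com"),
        ("DNS", "pstn.twilio.com"),
    ),
}


def dns_identities(cert):
    """Return the lower-cased dNSName entries from subjectAltName."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def match_rfc5922(host, identity):
    """RFC 5922 section 7.2: whole-value, case-insensitive comparison.
    A "*." identity is never expanded, so it equals only itself."""
    return host.lower() == identity.lower()


def match_wildcard(host, identity):
    """Web-style matching, for contrast: '*' may stand for exactly one
    left-most label."""
    h = host.lower().split(".")
    i = identity.lower().split(".")
    if len(h) != len(i):
        return False
    if i[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(i) > 2 and h[1:] == i[1:]
    return h == i


def explain(host, cert):
    """Report which certificate identities satisfy each rule for host."""
    ids = dns_identities(cert)
    return {
        "wildcard_identities": [i for i in ids if "*" in i],
        "rfc5922_match": [i for i in ids if match_rfc5922(host, i)],
        "wildcard_match": [i for i in ids if match_wildcard(host, i)],
    }


if __name__ == "__main__":
    for host in ("example.pstn.twilio.com", "pstn.twilio.com"):
        print(host, explain(host, SAMPLE_CERT))
```

For the account subdomain, the only identity that matches is the wildcard one, and only under the web-style rule; under the RFC 5922 comparison nothing in the sample certificate matches it.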