Thanks to those on IRC confirming quickly that this was not something supported (yet) in Asterisk.

Below is a quick fix/patch to tcptls.c for Asterisk 18 against this particular provider.

Dw

static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, const char *desc)
{
unsigned char *str;
int ret;

ret = ASN1_STRING_to_UTF8(&str, cert_str);
if (ret < 0 || !str) { return -1; } if (strlen((char *) str) != ret) { ast_log(LOG_WARNING, “Invalid certificate %s length (contains NULL bytes?)\n”, desc); ret = -1; } else if (!strcasecmp(hostname, (char *) str)) { ret = 0; } else if (strlen(str) > 2 && str[0] == ‘*’ && str[1] == ‘.’ && strlen(str) – 2 <= strlen(hostname) && strcasecmp(hostname+strlen(hostname)-strlen(str)+2, str+2) == 0) { ast_log(LOG_WARNING,"Warning: allowing match on wildcard (%s =~ %s)\n", hostname, str); ret = 0; } else { ret = -1; } ast_debug(3, “SSL %s compare s1=’%s’ s2=’%s’\n”, desc, hostname, str); OPENSSL_free(str); return ret; }