The design of the SIP TLS transport may not allow multiple certificates to be loaded

[bennylp]

Since normally we only need to instantiate one TLS listener in the library, this means we can only load one certificate suite to the stack (suite means CA and client cert) at any given time. This would limit the ability of the client to connect to multiple TLS servers (e.g. multiple accounts).

However, there may be a workaround. Application could instantiate multiple TLS listeners, each with its own certificate, and then bind or lock each PJSUA-LIB account to a specific listener by using pjsua_acc_set_transport(). This way, (outgoing) requests sent on behalf of that account will be sent using the correct listener, hence the correct TLS certificate/settings. This setup is rarely tested though.