8 Jun 2012 18:37
LinPhone, Mac OS X and TLS
Mark Fawcett <mark-fawcett <at> live.co.uk>
2012-06-08 16:37:00 GMT
Dear mailing lists,

I'm setting up a system to provide SIPS/SRTP connectivity between various SIP endpoints and an asterisk 1.8 platform. I've been looking at LinPhone due to its cross-platform support and on most systems it's worked like a charm. However, I'm having some difficulties in working TLS mode on Mac OS X 10.6.8 with LinPhone 3.5.2 (SRTP and normal SIP work fine).

I've created both a self-signed server cert and also one signed using a Thawte evaluation intermediate / root. The server certs reside on asterisk and work with LinPhone on Windows etc. and with other sip endpoints on Windows and Mac.

I've imported the Thawte intermediate & root certs into Mac OS X's KeyChain Assistant and it seems happy with them (I've told it to trust the certs for all cases). If I connect to asterisk's TLS port using Safari I see a successful TLSv1 exchange (to the point at which encrypted app traffic flows - naturally asterisk doesn't know about http so it gets no further).

When running LinPhone I see an unsuccessful TLSv1 trace as follows (from w/shark):

From asterisk
43 17:23:44.021735 192.168.0.202 5061 192.168.0.212 61579 TLSv1 1260 Server Hello, Certificate, Server Hello Done

Response from Mac
45 17:23:44.022089 192.168.0.212 61579 192.168.0.202 5061 TLSv1 75 Alert (Level: Fatal, Description: Unknown CA)

So something's not happy on the Mac side. If I run an openssl s_client test, I get the following: