Zephyr echo_client sample and openssl server - certification failure.


gronoarona
Contributor II

Hello,

I need to set up TLS communication over UDP between:

- mimxrt1060-evkb as client

- ubuntu pc, openssl server as server (ofc)

I modified the sample's prj.conf, disabling all TCP and IPv6:

# Generic networking options
CONFIG_NETWORKING=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=n
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=4
CONFIG_NET_CONNECTION_MANAGER=y

# Kernel options
CONFIG_MAIN_STACK_SIZE=2048
CONFIG_ENTROPY_GENERATOR=y
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_DEBUG=y
# Logging
CONFIG_NET_LOG=y
CONFIG_LOG=y
CONFIG_NET_STATISTICS=y
CONFIG_PRINTK=y

# Network buffers
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_CONTEXT_NET_PKT_POOL=y

# IP address options
# CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT=3
# CONFIG_NET_IF_MCAST_IPV6_ADDR_COUNT=4
CONFIG_NET_MAX_CONTEXTS=10

# Network shell
CONFIG_NET_SHELL=y

# The addresses are selected so that qemu<->qemu connectivity works ok.
# For linux<->qemu connectivity, create a new conf file and swap the
# addresses (so that peer address is ending to 2).
CONFIG_NET_CONFIG_SETTINGS=y
# CONFIG_NET_CONFIG_NEED_IPV6=y
# CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::2"
# CONFIG_NET_CONFIG_PEER_IPV6_ADDR="2001:db8::1"
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.225"
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.168.1.240"
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048

To build it I used the command:

west build -p always -b mimxrt1060_evkb -s samples/net/sockets/echo_client -- -DCONF_FILE="prj.conf overlay-tls.conf"

On the server side, I run the openssl server with:

openssl s_server -key ssl_keys/echo-apps-key.der -cert ssl_keys/echo-apps-cert.der -dtls1_2 -accept 4242 -certform DER

Where the problem is:

The Zephyr application running on the uP tries to connect to the SSL server but fails, returning the error log:

<err> net_sock_tls: TLS handshake error: -2700

On the server side I got the log:

Using default temp DH parameters
ACCEPT
ERROR
80CB36578F7F0000:error:0A000412:SSL routines:dtls1_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_d1.c:613:SSL alert number 42
shutting down SSL
CONNECTION CLOSED

In Wireshark there is also the same information:

26255	343.215228125	192.168.1.225	192.168.1.240	DTLSv1.2	62	Alert (Level: Fatal, Description: Bad Certificate)

I think the problem is in the configuration, but I can't find where.

The cert and key files I took from the echo_server sample, but if I regenerate them myself, the result is the same.

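An added diagnostic helper, not code from this thread, from Zephyr or from OpenSSL: it parses a plaintext DTLS 1.2 Alert record like the one Wireshark shows above and, given the packet direction, reports which side rejected whose certificate. The sample record bytes, the IP roles and the mbedTLS error mapping are assumptions stated in the comments.

```python
import struct

# DTLS record layer (RFC 6347) and alert descriptions tied to certificate problems (RFC 5246 7.2)
CONTENT_TYPE_ALERT = 21
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 51: "decrypt_error", 70: "protocol_version",
}
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

# Constructed sample (not the bytes from the thread's capture): DTLS 1.2 Alert record, epoch 0,
# sequence 3, body = level fatal (2), description bad_certificate (42).
SAMPLE_ALERT = bytes.fromhex("15" "fefd" "0000" "000000000003" "0002" "022a")


def parse_dtls_alert(record: bytes) -> dict:
    """Parse one plaintext DTLS record and return its Alert fields."""
    if len(record) < 13:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch = struct.unpack("!BHH", record[:5])
    seq = int.from_bytes(record[5:11], "big")          # 48-bit sequence number
    (length,) = struct.unpack("!H", record[11:13])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an Alert record (content type {ctype})")
    if version not in DTLS_VERSIONS:
        raise ValueError(f"unknown DTLS version 0x{version:04x}")
    body = record[13:13 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("alert body must be 2 bytes (epoch > 0 means it is encrypted)")
    level, desc = body
    return {"version": DTLS_VERSIONS[version], "epoch": epoch, "seq": seq,
            "level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"), "code": desc}


def diagnose(alert: dict, src_ip: str, dst_ip: str, client_ip: str) -> str:
    """Name the alert sender and, for certificate alerts, what to check on that side."""
    sender = "client" if src_ip == client_ip else "server"
    peer = "server" if sender == "client" else "client"
    if alert["level"] != "fatal":
        return f"{sender} sent a warning alert ({alert['description']}); handshake continues"
    if alert["description"] not in CERT_ALERTS:
        return f"{sender} aborted the handshake: {alert['description']}"
    # mbedTLS reports a failed peer-certificate check as MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
    # (-0x2700); Zephyr's net_sock_tls prints that value in hex as "-2700".
    return (f"{sender} rejected the {peer}'s certificate ({alert['description']}); on a "
            f"Zephyr/mbedTLS {sender} this is logged as handshake error -2700: check that the CA "
            f"the {sender} trusts issued the {peer} certificate, that it is within its validity "
            "dates, and that its name matches the hostname the client expects")
```

Run against the Wireshark line, the source 192.168.1.225 is the board (the client in prj.conf), so the output says the client rejected the server's certificate, which matches the -2700 on the Zephyr side and the "bad certificate" alert received by openssl.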

dereksnell
NXP Employee

Hi @gronoarona ,

We recommend posting Zephyr questions like this in Zephyr's GitHub, see Zephyr NXP Support for more details. Looking through this, the issue does not seem specific to NXP hardware, but is a general Zephyr Networking question. So if you post in Zephyr's GitHub Discussions, others in the Zephyr Community who know the Networking stack can provide some support.

BTW, I found you also posted this issue on Nordic's forums?
