I am implementing a multi-threaded application which connects to the server with mbedTLS (2.23). We use client authentication so I set a private key for the client TLS context.
On startup, I parse the private key (PEM) to mbedtls_pk_context once (same private key, no need to load it every time).
When I am running in single-threaded mode, it works fine.
When running in multi-threaded mode, sometimes TLS negotiation fails with MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO while the mbed log writes:
ssl_cli.c:4009: |1| mbedtls_pk_sign() returned -34432 (-0x8680)
mbedtls_pk_context from PEM on every connection in multi-threaded mode, it works fine also.
Can it be that mbedtls_pk_context cannot be shared between threads? If so, how can I copy it effectively from a master version to an instance in each thread?