Replies: 2 comments
-
I did some more digging. I tried to use separate sec_tag_t tags for the mqtt client and the hawkbit client. This changes nothing. I also verified that if I bring the mqtt client up, then while the mqtt connection is up & running the hawkbit client refuses to connect, complaining about not being able to verify the server certificate and returning MBEDTLS_ERR_X509_CERT_VERIFY_FAILED (-0x2700). However, when I bring the mqtt connection down, then all of a sudden the hawkbit client connects successfully. It seems to me that somehow both tls sessions interact with each other in a way I cannot grasp. x509_crt_merge_flags_with_cb() in x509_crt.c is pretty convoluted and it's unclear to me why the certificate verification fails. I cannot find where the zephyr tls code sets f_vrfy() during tls socket setup, as this callback function seems to be crucial to pinpoint the root cause. As always, I would very much appreciate any tips in the area of troubleshooting this issue.
-
And again answering my own question. Hope this will help others. The error was related to the heap memory reserved for mbedtls. I had to raise the heap size.
-
Hello,
Can anybody share any advice on having two concurrent tls sessions on zephyr 3.1? As of now I have a setup with hawkbit ota and mqtt client both working over TLS with client side certificates. Hawkbit client and mqtt client work perfectly well when both are not running at the very same time. When I connect the mqtt client the hawkbit client refuses to connect, returning "tls_debug: (sysworkq): ssl_tls.c:2119: |1| x509_verify_cert() returned -9984 (-0x2700)". When the mqtt client is not connected the hawkbit client connects without any complaints.
For both mTLS sessions I use the very same crypto credentials, which include private key + cert, root ca + signing ca. Both the mqtt client and hawkbit client refer to the same sec_tag_t tags as both are supposed to use the same crypto credentials.
I would very much appreciate it if somebody can share experience on similar setups.
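The fix reported in the reply above, written out as a Zephyr prj.conf fragment. This is an added example, not configuration posted by anyone in the thread: the sizes are constructed values to be tuned per board, and the option names assume Zephyr's built-in mbedTLS module.

```kconfig
# Added example: constructed values, not taken from the thread.

# Static heap used by Zephyr's built-in mbedTLS. It is a single pool, so
# every TLS session that is open at the same time (MQTT and hawkBit in
# this thread) allocates its handshake and certificate buffers from it.
CONFIG_MBEDTLS_ENABLE_HEAP=y

# Before (constructed): enough for one mTLS session at a time.
# CONFIG_MBEDTLS_HEAP_SIZE=32768

# After (constructed): headroom for a second handshake while the first
# session stays connected. Tune against the RAM available on the board.
CONFIG_MBEDTLS_HEAP_SIZE=65536

# Optional while sizing the heap: makes the mbedTLS buffer allocator
# report allocation failures instead of failing silently.
CONFIG_MBEDTLS_MEMORY_DEBUG=y
```

Remove the memory debug option again once a heap size that survives both sessions connecting has been found.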