to a second thread before the first has the session set active.  Add calls
to lock/unlock the certificate to prevent this.

The better options is likely to have a function that adds the key and socket
and sets the session active in one call and handles the locking internally.

But I'm lazy, so we get the lock functions.