openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard
verified publisher icon OpenVPN

openvpn in Rocky/RHEL 10.1 with YKCS11 provider

Open rau98 opened this issue 1 month ago • 0 comments

Describe the bug Hello. Currently, I have a libykcs11.so.2.7.2 file that I built using the Rocky 10.1 OS. However, when I attempt to use openvpn with it, using the following command:

openvpn --show-pkcs11-ids libykcs11.so.2.7.2

I get the following error:

PKCS#11: Adding PKCS#11 provider 'libykcs11.so.2.7.2' PKCS#11: Cannot initialize provider 'libykcs11.so.2.7.2' 6-'CKR_FUNCTION_FAILED' Failed to add PPKCS#11 provider 'libykcs11.so.2.7.2 Exiting due to fatal error

I am wondering if this has something to do with openvpn in Rocky 10.1, or if it is entirely an issue with the pkcs11 provider.

To Reproduce Build the Yubico libykcs11.so.2.7.2 from the yubico-piv-tool. Use the following command:

openvpn --show-pkcs11-ids libykcs11.so.2.7.2

Expected behavior It should print out the pkcs11 ids of my yubikey

Version information (please complete the following information):

  • OS: Rocky 10.1
  • OpenVPN version: 2.7_rc2 x86_64-redhat-linux-gnu

Additional context The same command works on Rocky 9.6, with the same pkcs11 provider

rau98 avatar Dec 02 '25 17:12 rau98