diff --git a/Cargo.lock b/Cargo.lock index 705112d..fab32dd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -134,12 +134,6 @@ dependencies = [ "smallvec", ] -[[package]] -name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - [[package]] name = "bitflags" version = "2.10.0" @@ -282,23 +276,22 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "cryptoki" -version = "0.10.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "781357a7779a8e92ea985121bbf379a9adf0777f44ab6392efc6abd5aa9b67db" +checksum = "ff765b99fc49f3116c9a908484486a2b92fd73c48da45c3a69716471c6cc56c6" dependencies = [ - "bitflags 1.3.2", + "bitflags", "cryptoki-sys", "libloading", "log", - "paste", - "secrecy 0.8.0", + "secrecy", ] [[package]] name = "cryptoki-sys" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "753e27d860277930ae9f394c119c8c70303236aab0ffab1d51f3d207dbb2bc4b" +checksum = "f1fd850498411e4057f1cba79e6e2bc7cbe960544c1046ab46d4685c403a1121" dependencies = [ "libloading", ] @@ -370,7 +363,7 @@ dependencies = [ "openssl", "rand 0.8.5", "ring", - "secrecy 0.10.3", + "secrecy", "time", ] @@ -441,7 +434,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] @@ -698,7 +691,7 @@ name = "kmip-protocol" version = "0.5.0" source = "git+https://github.com/NLnetLabs/kmip-protocol?branch=next#52fd0aaf06fcf06b88583d7049de4d584a710ad9" dependencies = [ - "bitflags 2.10.0", + "bitflags", "cfg-if", "enum-display-derive", "enum-ordinalize", 
@@ -898,7 +891,7 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ - "bitflags 2.10.0", + "bitflags", "cfg-if", "cfg_aliases", "libc", @@ -911,7 +904,7 @@ version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" dependencies = [ - "bitflags 2.10.0", + "bitflags", "cfg-if", "cfg_aliases", "libc", @@ -1006,7 +999,7 @@ version = "0.10.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08838db121398ad17ab8531ce9de97b244589089e290a384c900cb9ff7434328" dependencies = [ - "bitflags 2.10.0", + "bitflags", "cfg-if", "foreign-types", "libc", @@ -1061,12 +1054,6 @@ dependencies = [ "windows-link", ] -[[package]] -name = "paste" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" - [[package]] name = "pem" version = "3.0.6" @@ -1239,7 +1226,7 @@ version = "0.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" dependencies = [ - "bitflags 2.10.0", + "bitflags", ] [[package]] @@ -1296,7 +1283,7 @@ version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" dependencies = [ - "bitflags 2.10.0", + "bitflags", "errno", "libc", "linux-raw-sys", 
@@ -1368,15 +1355,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "secrecy" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" -dependencies = [ - "zeroize", -] - [[package]] name = "secrecy" version = "0.10.3"
diff --git a/Cargo.toml b/Cargo.toml
index f3cb511..1cf160d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -33,7 +33,7 @@ rust-version.workspace = true
 [dependencies]
 bcder = "0.7.5"
 clap = { workspace = true }
-cryptoki = "^0.10.0"
+cryptoki = "^0.12.0"
 daemonbase = { workspace = true }
 domain = { git = "https://github.com/NLnetLabs/domain.git", version = "0.11.1", branch = "main", features = [
 "unstable-crypto-sign",
diff --git a/src/client_request_handler.rs b/src/client_request_handler.rs
index 16efba6..1c65545 100644
--- a/src/client_request_handler.rs
+++ b/src/client_request_handler.rs
@@ -231,7 +231,9 @@ fn process_request(
 Operation::Query => query::op(&pool, config, batch_item),
 _ => {
 let pkcs11conn = pool.get().unwrap();
- if let Err(err) = pkcs11conn.ensure_logged_in(AuthPin::new(pin.to_string())) {
+ if let Err(err) =
+ pkcs11conn.ensure_logged_in(AuthPin::new(pin.to_string().into_boxed_str()))
+ {
 Err((ResultReason::AuthenticationNotSuccessful, err.to_string()))
 } else {
 match batch_item.operation() {
diff --git a/src/pkcs11/error.rs b/src/pkcs11/error.rs
index f5824d0..4716eb5 100644
--- a/src/pkcs11/error.rs
+++ b/src/pkcs11/error.rs
@@ -198,7 +198,8 @@ impl Display for Error {
 RvError::PinTooWeak => "PinTooWeak",
 RvError::PublicKeyInvalid => "PublicKeyInvalid",
 RvError::FunctionRejected => "FunctionRejected",
- RvError::VendorDefined => "VendorDefined",
+ RvError::VendorDefined(_) => "VendorDefined",
+ RvError::UnknownErrorCode(_) => "UnknownErrorCode",
 };
 write!(
 f,
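Review bot: In src/client_request_handler.rs the new `AuthPin::new(pin.to_string().into_boxed_str())` still copies the PIN out of `pin` on every non-Query request, and only that boxed copy is wiped when the `AuthPin` is dropped. Whatever backs `pin` (its type is declared outside this hunk) remains in memory as ordinary, un-zeroized data. If `pin` is a plain string, it would be better held in a secret type from the point it is read and handed through to this call. Until then a comment such as `// copies the PIN; only this AuthPin copy is zeroized on drop` would record the limit. process_request starts and ends outside the hunk.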
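Review bot: In src/pkcs11/error.rs both new arms discard their payload (`VendorDefined(_)`, `UnknownErrorCode(_)`), so every vendor-specific or unrecognised return value from the PKCS#11 module is displayed identically and the code that identifies the failure is lost from logs. If the payload is the raw return value, as the variant names suggest, consider rendering it by handling these variants ahead of the name lookup. Something like `RvError::VendorDefined(code) => return write!(f, "VendorDefined({code:?})"),` would do, adapted to the message format used by the `write!` that follows. The Display impl continues outside the hunk, so the exact format string could not be checked here.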
diff --git a/src/pkcs11/util.rs b/src/pkcs11/util.rs
index 3fff632..cac3357 100644
--- a/src/pkcs11/util.rs
+++ b/src/pkcs11/util.rs
@@ -3,7 +3,7 @@ use std::collections::hash_map::Entry;
 use std::result::Result;
 use std::sync::{Arc, RwLock};
-use cryptoki::context::{CInitializeArgs, Function, Pkcs11};
+use cryptoki::context::{CInitializeArgs, CInitializeFlags, Function, Pkcs11};
 use cryptoki::object::{Attribute, ObjectClass, ObjectHandle};
 use cryptoki::slot::Slot;
 use kmip::types::common::UniqueIdentifier;
@@ -49,7 +49,7 @@ impl Pkcs11Pools {
 pub fn init_pkcs11(cfg: &mut Config) -> Result {
 let pkcs11 = Pkcs11::new(&cfg.pkcs11.lib_path)?;
- pkcs11.initialize(CInitializeArgs::OsThreads)?;
+ pkcs11.initialize(CInitializeArgs::new(CInitializeFlags::OS_LOCKING_OK))?;
 for f in [
 Function::FindObjects,
 Function::GenerateKeyPair,
diff --git a/tests/full.rs b/tests/full.rs
index 4f11277..6e9885f 100644
--- a/tests/full.rs
+++ b/tests/full.rs
@@ -62,6 +62,7 @@ impl Daemon {
 .into_iter()
 .chain(
 [
+ "/usr/lib64/pkcs11/libsofthsm2.so", // Fedora 43
 "/usr/lib64/softhsm/libsofthsm2.so",
 "/usr/lib/softhsm/libsofthsm2.so",
 ]
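Review bot: The switch to `CInitializeArgs::new(CInitializeFlags::OS_LOCKING_OK)` in init_pkcs11 (src/pkcs11/util.rs) is undocumented, and the flag is a thread-safety contract rather than a rename. It tells the module to use native OS locking, and a module that cannot do so fails initialization, which the `?` turns into a start-up error. A comment on that line would help, for example `// OS_LOCKING_OK: the context is shared across threads, so the module must do its own native locking; initialization fails if it cannot`. That the context is shared across threads is inferred from the `Arc`/`RwLock` imports and the pool type, not shown in this hunk, so confirm before committing the wording. init_pkcs11 continues outside the hunk.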