glpi-project / glpi-agent

GLPI Agent
GNU General Public License v2.0

PEM X509 cert: error:2006D002 #636

Closed AlexTR85 closed 1 month ago

AlexTR85 commented 3 months ago

Bug reporting acknowledgment

Yes, I read it

Professional support

I'm a GLPI partner

Describe the bug

Hello,

I'm installing version 1.7.2 on multiple servers and some of them are showing the following error:

[info] sending contact request to server0
[error] cannot parse C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem as PEM X509 cert: error:2006D002:BIO routines:BIO_new_file:system lib at C:/Program Files/GLPI-Agent/perl/agent/GLPI/Agent/HTTP/Client.pm line 494 thread 1.

The file is there and it's fine, I've replaced it with another one just in case and the same error persists. The installation is normal and without incidents

To reproduce

Install version 1.7.2 and launch the inventory from a Windows machine (so far it has only happened on Windows) and when sending the inventory to the server, it throws an error. No other errors appear (debug=3)

Expected behavior

do the remote inventory

Operating system

Windows

GLPI Agent version

1.7.1, Other (See additional context below)

GLPI version

10.0.x (See additional context below)

GLPIInventory plugin or other plugin version

Other (See additional context below)

Additional context

10.0.10 Proxy Agent 1.7.2 GLPI Agent 1.7.2

g-bougard commented 3 months ago

Hi @AlexTR85

really weird error, can you share the output of the following command run as administrator and from GLPI-Agent installation folder ?

glpi-agent --logger=stderr --debug --debug --force --task=Collect

This will generate more SSL debugging messages.

You can check also if an AV is not preventing access to that file for GLPI-Agent.

AlexTR85 commented 3 months ago

OK

C:\Program Files\GLPI-Agent>glpi-agent --logger=stderr --debug --debug --force --task=Collect
[debug] Logger backend Stderr initialized
[debug] Logger backend File initialized
[debug] GLPI Agent (1.7.2)
[debug] Configuration directory: C:/Program Files/GLPI-Agent/etc
[debug] Data directory: C:/Program Files/GLPI-Agent/share
[debug] Storage directory: C:\Program Files\GLPI-Agent\var
[debug] Lib directory: C:/Program Files/GLPI-Agent/perl/agent
[debug] [target local0] Next tasks run planned for Tue Apr 2 12:05:51 2024
[debug] [target server0] Next server contact planned for Wed Apr 3 10:24:53 2024
[debug2] getAvailableTasks() : add of task Inventory version 1.15
[debug2] getAvailableTasks() : add of task RemoteInventory version 1.4
[debug2] Preparing execution plan
[debug] Available tasks:
[debug] - Inventory: 1.15
[debug] - RemoteInventory: 1.4
[debug] target local0: local C:\Program Files\GLPI-Agent\
[debug] No planned task for local0
[debug] target server0: server https://proxyglpi.etc.es/proxy/glpi
[debug] No planned task for server0
[debug] Provided by Teclib Edition
[debug] Installer built on Mon Mar 25 10:24:29 2024 UTC
[debug] Built with Strawberry Perl 5.36.0
[debug] Built on github actions windows image for glpi-project/glpi-agent repository
[debug] Running in foreground mode
[info] local0 is not ready yet, but run is forced
[info] target local0: local C:\Program Files\GLPI-Agent\
[info] server0 is not ready yet, but run is forced
[info] target server0: server https://proxyglpi.etc.es/proxy/glpi
[debug2] [http client] Using Compress::Zlib for compression
[info] sending contact request to server0
[debug2] [http client] 06B6148B: sending message:
{
"action": "contact",
"deviceid": "DC-2024-03-28-11-07-04",
"enabled-tasks": [],
"installed-tasks": [
  "inventory",
  "remoteinventory"
],
"name": "GLPI-Agent",
"tag": "TAG",
"version": "1.7.2"
}
[debug] [http client] Updating keystore known certificates
[debug2] Changing to 'C:/Program Files/GLPI-Agent/var/keystore-export-Vz2TgF' temporary folder
[debug2] executing certutil -Silent -Split -Store CA
[debug2] executing certutil -Silent -Split -Store Root
[debug2] executing certutil -Silent -Split -Enterprise -Store CA
[debug2] executing certutil -Silent -Split -Enterprise -Store Root
[debug2] executing certutil -Silent -Split -GroupPolicy -Store CA
[debug2] executing certutil -Silent -Split -GroupPolicy -Store Root
[debug2] executing certutil -Silent -Split -User -Store CA
[debug2] executing certutil -Silent -Split -User -Store Root
[debug2] executing certutil -encode Blob0_0.crt temp.cer
[debug2] executing certutil -encode Blob10_0.crt temp.cer
[debug2] executing certutil -encode Blob11_0.crt temp.cer
[debug2] executing certutil -encode Blob12_0.crt temp.cer
[debug2] executing certutil -encode Blob1_0.crt temp.cer
[debug2] executing certutil -encode Blob2_0.crt temp.cer
[debug2] executing certutil -encode Blob3_0.crt temp.cer
[debug2] executing certutil -encode Blob4_0.crt temp.cer
[debug2] executing certutil -encode Blob5_0.crt temp.cer
[debug2] executing certutil -encode Blob6_0.crt temp.cer
[debug2] executing certutil -encode Blob7_0.crt temp.cer
[debug2] executing certutil -encode Blob8_0.crt temp.cer
[debug2] executing certutil -encode Blob9_0.crt temp.cer
[debug2] Changing back to 'C:/Program Files/GLPI-Agent' folder
[error] cannot parse C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem as PEM X509 cert: error:02001015:system library:fopen:Is a directory at C:/Program Files/GLPI-Agent/perl/agent/GLPI/Agent/HTTP/Client.pm line 494.

C:\Program Files\GLPI-Agent>

g-bougard commented 3 months ago

Hi @AlexTR85

the error is saying C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem is a directory. Is this really the case on that computer ? This should not be the case.

AlexTR85 commented 3 months ago

image

g-bougard commented 3 months ago

I really don't see why the IO::Socket::SSL api is running differently on some computers. The only reason I can imagine right now is the agent is indeed loading another OpenSSL lib which is not compatible.

Can you share the output of the following command run from the agent installation folder ?

perl\bin\glpi-agent.exe -e "use Net::SSLeay; use English; print Net::SSLeay::SSLeay_version(0),' - perl ',$PERL_VERSION"

AlexTR85 commented 2 months ago

C:\Program Files\GLPI-Agent>perl\bin\glpi-agent.exe -e "use Net::SSLeay; use English; print Net::SSLeay::SSLeay_version(0),' - perl ',$PERL_VERSION"
Can't load 'C:/Program Files/GLPI-Agent/perl/vendor/lib/auto/Net/SSLeay/SSLeay.xs.dll' for module Net::SSLeay: load_file:No se puede encontrar el módulo especificado at C:/Program Files/GLPI-Agent/perl/lib/DynaLoader.pm line 206.
  at -e line 1.
Compilation failed in require at -e line 1.
BEGIN failed--compilation aborted at -e line 1.

g-bougard commented 2 months ago

Does that SSLeay.xs.dll file exist ?

If no, please reinstall, and check the file is installed. If yes, check if you have an antivirus or something which could prevent its load.

AlexTR85 commented 2 months ago

The file does exist and there is no antivirus.

It's happening on three servers now, they have nothing to do with each other, one of them doesn't even have antivirus installed.

Thank you.

g-bougard commented 2 months ago

Do you have the same issue with a nightly build on these servers ?

AlexTR85 commented 2 months ago

same problem with GLPI-Agent v1.8-gitdc2bf92a nightly build

g-bougard commented 2 months ago

Did you also test the previous test command I gave you ?

You said it's happening on 3 servers. What OS level/version are these systems ?

AlexTR85 commented 2 months ago

I have checked that with version 'GLPI Agent 1.8 (gitdc2bf92a)' it's OK, but with version 1.7.3 it doesn't work.

The OS of one of the two that are not working now is a Windows Server 2012 R2.

g-bougard commented 2 months ago

Okay, so if this is fixed in nightly, you can use it in place of 1.7.3. All security fixes in 1.7.3 are included in current nightly and I think 1.8 release should occur in 2 weeks, max 3 weeks.

My guess is you're triggering a bug in OpenSSL 1.1.1q which is the one used in GLPI Agent 1.7.3 on windows. And as we are using OpenSSL 3.2.1 actually in nightly, it should come with a fix for your case.

g-bougard commented 2 months ago

I'm closing this issue. Feel free to reopen after the release in few weeks if you still have that problem.

MarcSamD commented 1 month ago

Hi @g-bougard , we still have this error on 1.8. Also happening on Windows 10 with slightly different message:

[Thu May 16 09:40:31 2024][error] cannot parse C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem as PEM X509 cert: error:12800067:DSO support routines::could not load the shared library at C:/Program Files/GLPI-Agent/perl/agent/GLPI/Agent/HTTP/Client.pm line 494 thread 1.
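
Added example, not part of the thread or of GLPI Agent's code: a Python decoder for the three OpenSSL error codes quoted so far. It assumes the packed layouts of OpenSSL 1.1.1 (library, function, reason) and 3.x (library, reason), chooses between them by whether the function field of the message is empty, and uses its own triage labels; the result shows that none of the codes comes from the PEM or X509 code, even though the agent reports a parse failure.

```python
import re

# Library numbers as defined in OpenSSL's err.h; only the ones needed here.
ERR_LIBS = {2: "SYS", 9: "PEM", 11: "X509", 32: "BIO", 37: "DSO"}

# Triage buckets are this example's own labels, not OpenSSL terminology.
CATEGORY = {
    "PEM": "certificate content", "X509": "certificate content",
    "BIO": "file access", "SYS": "file access",
    "DSO": "shared library loading",
}

# Matches "error:<8 hex digits>:<lib text>:<func text>:<reason text>".
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>.*?)(?= at |$)"
)

# The three error lines quoted in the thread, shortened to the relevant part.
THREAD_LINES = [
    r"[error] cannot parse ...\cacert.pem as PEM X509 cert: "
    r"error:2006D002:BIO routines:BIO_new_file:system lib at C:/Program Files/...",
    r"[error] cannot parse ...\cacert.pem as PEM X509 cert: "
    r"error:02001015:system library:fopen:Is a directory at C:/Program Files/...",
    r"[error] cannot parse ...\cacert.pem as PEM X509 cert: "
    r"error:12800067:DSO support routines::could not load the shared library"
    r" at C:/Program Files/...",
]


def unpack_111(code):
    """OpenSSL 1.1.1 layout: 8-bit library, 12-bit function, 12-bit reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def unpack_3x(code):
    """OpenSSL 3.x layout: 8-bit library at bit 23, 23-bit reason, no function."""
    if code & 0x80000000:  # system-error flag: the low 31 bits carry an errno
        return 2, None, code & 0x7FFFFFFF
    return (code >> 23) & 0xFF, None, code & 0x7FFFFF


def decode_line(line):
    """Decode the OpenSSL error embedded in one agent log line, or return None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m["code"], 16)
    # Assumption: an empty function field ("routines::reason") means the line
    # was produced by OpenSSL 3.x, which no longer packs a function code.
    legacy = m["func"] != ""
    lib, func, reason = unpack_111(code) if legacy else unpack_3x(code)
    name = ERR_LIBS.get(lib, f"lib#{lib}")
    return {
        "layout": "1.1.1" if legacy else "3.x",
        "lib": name,
        "func": func,
        "reason": reason,
        "text": m["reason"],
        "category": CATEGORY.get(name, "unknown"),
    }


def decode_thread():
    return [decode_line(line) for line in THREAD_LINES]


if __name__ == "__main__":
    for entry in decode_thread():
        print(entry)
```

A "shared library loading" result points the investigation at DLL resolution rather than at the CA bundle named in the message.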

g-bougard commented 1 month ago

Hi @MarcSamD

can you share the output of the following command run as administrator and from GLPI-Agent installation folder ?

glpi-agent --logger=stderr --debug --debug --force --task=Collect

Also, check if you have an antivirus and if it has put files in quarantine. And verify you have not empty libssl-3__.dll & libcrypto-3__.dll files under C:\Program Files\GLPI-Agent\perl\bin.

There's another point to check, as in #536, do you have OpenSSL installed by another software like Win64OpenSSL_Light ? You may want to check for libssl-*.dll files on your systems. Can you share your PATH environment variable as it can show such kind of software is installed.
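
Added example, not part of the thread or of GLPI Agent's code: one way to script the two file checks requested above (agent DLLs present and not empty, and other OpenSSL DLLs reachable through PATH). The function name `audit_openssl_dlls`, the report keys and the `demo()` directory layout are assumptions made for this sketch; a foreign copy on PATH is a lead to follow up, not proof of a conflict.

```python
import fnmatch
import os
import tempfile

# DLL names quoted in the thread for the agent's own OpenSSL 3 build.
EXPECTED = ("libssl-3__.dll", "libcrypto-3__.dll")
# Patterns for OpenSSL copies shipped by other software.
FOREIGN_PATTERNS = ("libssl-*.dll", "libcrypto-*.dll")


def _same_dir(a, b):
    """Compare two directories the way Windows would (case-insensitive there)."""
    return os.path.normcase(os.path.abspath(a)) == os.path.normcase(os.path.abspath(b))


def audit_openssl_dlls(agent_bin, path_value, sep=";"):
    """Return {'missing': [...], 'empty': [...], 'foreign': [(dir, file), ...]}."""
    report = {"missing": [], "empty": [], "foreign": []}

    # Check 1: the agent's own libraries must exist and must not be empty.
    for name in EXPECTED:
        full = os.path.join(agent_bin, name)
        if not os.path.isfile(full):
            report["missing"].append(name)
        elif os.path.getsize(full) == 0:
            report["empty"].append(name)

    # Check 2: other PATH directories that carry their own OpenSSL DLLs,
    # reported in PATH order. Empty, quoted, missing and repeated entries
    # are tolerated because real PATH values contain all of them.
    seen = []
    for entry in path_value.split(sep):
        entry = entry.strip().strip('"')
        if not entry or not os.path.isdir(entry) or _same_dir(entry, agent_bin):
            continue
        if any(_same_dir(entry, s) for s in seen):
            continue
        seen.append(entry)
        for name in sorted(os.listdir(entry)):
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in FOREIGN_PATTERNS):
                report["foreign"].append((entry, name))
    return report


def demo():
    """Constructed layout: one empty agent DLL and one foreign OpenSSL copy."""
    with tempfile.TemporaryDirectory() as root:
        agent_bin = os.path.join(root, "GLPI-Agent", "perl", "bin")
        awscli = os.path.join(root, "awscli")
        python = os.path.join(root, "python")
        for d in (agent_bin, awscli, python):
            os.makedirs(d)
        files = {
            os.path.join(agent_bin, "libssl-3__.dll"): b"MZ",
            os.path.join(agent_bin, "libcrypto-3__.dll"): b"",
            os.path.join(awscli, "libssl-3.dll"): b"MZ",
            os.path.join(awscli, "libcrypto-3.dll"): b"MZ",
        }
        for path, data in files.items():
            with open(path, "wb") as fh:
                fh.write(data)
        path_value = ";".join(
            [awscli, "", python, agent_bin, os.path.join(root, "gone")]
        )
        report = audit_openssl_dlls(agent_bin, path_value)
        # Strip the temporary prefix so the result is stable across runs.
        report["foreign"] = [(os.path.basename(d), f) for d, f in report["foreign"]]
        return report


if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit_openssl_dlls` with the agent's `perl\bin` folder and `os.environ["PATH"]`.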

MarcSamD commented 1 month ago

  1. Logs:
    C:\Program Files\GLPI-Agent>glpi-agent --logger=stderr --debug --debug --force --task=Collect
    [debug] Logger backend Stderr initialized
    [debug] Logger backend File initialized
    [debug] GLPI Agent (1.8)
    [debug] Configuration directory: C:/Program Files/GLPI-Agent/etc
    [debug] Data directory: C:/Program Files/GLPI-Agent/share
    [debug] Storage directory: C:\Program Files\GLPI-Agent\var
    [debug] Lib directory: C:/Program Files/GLPI-Agent/perl/agent
    [debug] [target server0] Next server contact planned for Fri May 17 16:17:59 2024
    [debug2] getAvailableTasks() : add of task Collect version 2.9
    [debug2] getAvailableTasks() : add of task Deploy version 3.0
    [debug2] getAvailableTasks() : add of task ESX version 2.10
    [debug2] getAvailableTasks() : add of task Inventory version 1.15
    [debug2] getAvailableTasks() : add of task NetDiscovery version 6.1
    [debug2] getAvailableTasks() : add of task NetInventory version 6.1
    [debug2] getAvailableTasks() : add of task RemoteInventory version 1.4
    [debug2] getAvailableTasks() : add of task WakeOnLan version 2.2
    [debug2] Preparing execution plan
    [debug] Available tasks:
    [debug] - Collect: 2.9
    [debug] - Deploy: 3.0
    [debug] - ESX: 2.10
    [debug] - Inventory: 1.15
    [debug] - NetDiscovery: 6.1
    [debug] - NetInventory: 6.1
    [debug] - RemoteInventory: 1.4
    [debug] - WakeOnLan: 2.2
    [debug] target server0: server https://servicedesk.mydomain.com/marketplace/glpiinventory/
    [debug] Planned tasks for server0: Collect
    [debug] Provided by Teclib Edition
    [debug] Installer built on Wed May 15 09:56:36 2024 UTC
    [debug] Built with Strawberry Perl 5.38.2
    [debug] Built on github actions windows image for glpi-project/glpi-agent repository
    [debug] Running in foreground mode
    [info] server0 is not ready yet, but run is forced
    [info] target server0: server https://servicedesk.mydomain.com/marketplace/glpiinventory/
    [debug2] [http client] Using Compress::Zlib for compression
    [info] sending contact request to server0
    [debug2] [http client] ECED954E: sending message:
    {
    "action": "contact",
    "deviceid": "ididididid",
    "enabled-tasks": [
      "collect"
    ],
    "installed-tasks": [
      "collect",
      "deploy",
      "esx",
      "inventory",
      "netdiscovery",
      "netinventory",
      "remoteinventory",
      "wakeonlan"
    ],
    "name": "GLPI-Agent",
    "version": "1.8"
    }
    [debug] [http client] Updating keystore known certificates
    [debug2] Changing to 'C:/Program Files/GLPI-Agent/var/keystore-export-_LXxSU' temporary folder
    [debug2] executing certutil -Silent -Split -Store CA
    [debug2] executing certutil -Silent -Split -Store Root
    [debug2] executing certutil -Silent -Split -Enterprise -Store CA
    [debug2] executing certutil -Silent -Split -Enterprise -Store Root
    [debug2] executing certutil -Silent -Split -GroupPolicy -Store CA
    [debug2] executing certutil -Silent -Split -GroupPolicy -Store Root
    [debug2] executing certutil -Silent -Split -User -Store CA
    [debug2] executing certutil -Silent -Split -User -Store Root
    [debug2] executing certutil -encode 1234567890abcdef1.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef2.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef3.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef4.crt temp.cer
    [...]
    [debug2] executing certutil -encode 1234567890abcdef99.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef100.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef101.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef102.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef103.crt temp.cer
    [debug2] executing certutil -encode 1234567890abcdef104.crt temp.cer
    [debug2] Changing back to 'C:/Program Files/GLPI-Agent' folder
    [error] cannot parse C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem as PEM X509 cert: error:12800067:DSO support routines::could not load the shared library at C:/Program Files/GLPI-Agent/perl/agent/GLPI/Agent/HTTP/Client.pm line 494.
  2. No files have been quarantined.
  3. libssl-3.dll & libcrypto-3.dll both exist and are not empty (1176 KB & 5965 KB).
  4. There are many application using libssl-*.dll files, but only two that are also in the PATH: AWS CLIv2 and Python.

g-bougard commented 1 month ago

4. There are many application using libssl-*.dll files, but only two that are also in the PATH: AWS CLIv2 and Python.

Is one running as a service even for them not providing libssl in the PATH ? Maybe AWS CLIv2 ? Can you share the full path of the related dll ? Can you share the related entries in the software inventory generated by glpi-inventory --partial software ? This may help to reproduce the case. Can you try to update the system PATH to add C:\Program Files\GLPI-Agent\perl\bin behind AWS CLIv2 and Python related paths and finally restart the service ?

MarcSamD commented 1 month ago

Many sensitive information so I sent them to your email.

And adding GLPI to the PATH did not work.

g-bougard commented 1 month ago

Hi @MarcSamD

thank you, I think this should help.

Can you also share the output of the following command run from the perl\bin subfolder of the installation folder ?

glpi-agent.exe -e "use Net::SSLeay; print Net::SSLeay::SSLeay_version(0),' (', sprintf('0x%x',Net::SSLeay::SSLeay()),\")\n\";"

This should report something like:

C:\Program Files\GLPI-Agent\perl\bin>glpi-agent.exe -e "use Net::SSLeay; print Net::SSLeay::SSLeay_version(0),' (', sprintf('0x%x',Net::SSLeay::SSLeay()),\")\n\";"
OpenSSL 3.2.1 30 Jan 2024 (0x30200010)

g-bougard commented 1 month ago

@MarcSamD It seems you have a few VPN clients running at the same time as the agent (FortiClient & Cisco). Can you try to stop them, restart glpi-agent and see if that helps ?

For now, I suspect one of the 2 libraries libssl-3.dll & libcrypto-3.dll is not loaded as expected by glpi-agent. And maybe because it still has been loaded from another place with incompatible API.

g-bougard commented 1 month ago

Another test you can do, get ntldd.exe from the archive available here: https://github.com/LRN/ntldd/releases Put the exe somewhere, open a console in the same folder and run the following:

ntldd "C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay\SSLeay.xs.dll"

This should report something like:

C:\Users\gbougard>ntldd "C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay\SSLeay.xs.dll"
        KERNEL32.dll => C:\Windows\SYSTEM32\KERNEL32.dll (0x000001a8b6820000)
        msvcrt.dll => C:\Windows\SYSTEM32\msvcrt.dll (0x000001a8b6f30000)
        libcrypto-3__.dll => not found
        libssl-3__.dll => not found
        perl538.dll => not found

But maybe this won't and in this case, this can be a clue.

MaxPresi commented 1 month ago

I have the same problem, in a fresh install of version 1.8 on a new PC.

C:\Program Files\GLPI-Agent> glpi-agent --logger=stderr --debug --debug --force --task=Collect
[debug] Logger backend Stderr initialized
[debug] Logger backend File initialized
[debug] GLPI Agent (1.8)
[debug] Configuration directory: C:/Program Files/GLPI-Agent/etc
[debug] Data directory: C:/Program Files/GLPI-Agent/share
[debug] Storage directory: C:\Program Files\GLPI-Agent\var
[debug] Lib directory: C:/Program Files/GLPI-Agent/perl/agent
[debug] [target server0] Next server contact planned for Thu May 16 12:06:32 2024
[debug2] getAvailableTasks() : add of task Inventory version 1.15
[debug2] getAvailableTasks() : add of task RemoteInventory version 1.4
[debug2] Preparing execution plan
[debug] Available tasks:
[debug] - Inventory: 1.15
[debug] - RemoteInventory: 1.4
[debug] target server0: server https://glpi.mydomain.com/marketplace/glpiinventory
[debug] No planned task for server0
[debug] Provided by Teclib Edition
[debug] Installer built on Wed May 15 09:56:36 2024 UTC
[debug] Built with Strawberry Perl 5.38.2
[debug] Built on github actions windows image for glpi-project/glpi-agent repository
[debug] Running in foreground mode
[info] server0 is not ready yet, but run is forced
[info] target server0: server https://glpi.mydomain.com/marketplace/glpiinventory
[debug2] [http client] Using Compress::Zlib for compression
[info] sending prolog request to server0
[debug2] [http client] sending message:
<?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>PC22CM102-2024-05-16-11-14-49</DEVICEID>
  <QUERY>PROLOG</QUERY>
  <TOKEN>12345678</TOKEN>
</REQUEST>
[debug] [http client] Updating keystore known certificates
[debug2] Changing to 'C:/Program Files/GLPI-Agent/var/keystore-export-M5JSOk' temporary folder
[debug2] executing certutil -Silent -Split -Store CA
[debug2] executing certutil -Silent -Split -Store Root
[debug2] executing certutil -Silent -Split -Enterprise -Store CA
[debug2] executing certutil -Silent -Split -Enterprise -Store Root
[debug2] executing certutil -Silent -Split -GroupPolicy -Store CA
[debug2] executing certutil -Silent -Split -GroupPolicy -Store Root
[debug2] executing certutil -Silent -Split -User -Store CA
[debug2] executing certutil -Silent -Split -User -Store Root
[debug2] executing certutil -encode 0119e81be9a14cd8e22f40ac118c687ecba3f4d8.crt temp.cer
[debug2] executing certutil -encode 06f1aa330b927b753a40e68cdf22e34bcbef3352.crt temp.cer
[debug2] executing certutil -encode 109f1caed645bb78b3ea2b94c0697c740733031c.crt temp.cer
[debug2] executing certutil -encode 18f7c1fcc3090203fd5baa2f861a754976c8dd25.crt temp.cer
[debug2] executing certutil -encode 245c97df7514e7cf2df8be72ae957b9e04741e85.crt temp.cer
[debug2] executing certutil -encode 31f9fc8ba3805986b721ea7295c65b3a44534274.crt temp.cer
[debug2] executing certutil -encode 3b1efd3a66ea28b16697394703a72ca340a05bd5.crt temp.cer
[debug2] executing certutil -encode 61eb30fa17cf2b2f1bf5fa7b59f97a056464397c.crt temp.cer
[debug2] executing certutil -encode 7f88cd7223f3c813818c994614a89c99fa3b5247.crt temp.cer
[debug2] executing certutil -encode 8f43288ad272f3103b6fb1428485ea3014c0bcfe.crt temp.cer
[debug2] executing certutil -encode 92b46c76e13054e104f230517e6e504d43ab10b5.crt temp.cer
[debug2] executing certutil -encode a43489159a520f0d93d032ccaf37e7fe20a8b419.crt temp.cer
[debug2] executing certutil -encode be36a4562fb2ee05dbb3d32323adf445084ed656.crt temp.cer
[debug2] executing certutil -encode cdd4eeae6000ac7f40c3802c171e30148030c072.crt temp.cer
[debug2] executing certutil -encode d4ffdb19ba590fffaa34db5f4b568706a2978436.crt temp.cer
[debug2] executing certutil -encode d559a586669b08f46a30a133f8a9ed3d038e2ea8.crt temp.cer
[debug2] executing certutil -encode fee449ee0e3965a5246f000e87fde2a065fd89d4.crt temp.cer
[debug2] Changing back to 'C:/Program Files/GLPI-Agent' folder
[error] cannot parse C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem as PEM X509 cert: error:12800067:DSO support routines::could not load the shared library at C:/Program Files/GLPI-Agent/perl/agent/GLPI/Agent/HTTP/Client.pm line 494.

C:\Program Files\GLPI-Agent\perl\bin>glpi-agent.exe -e "use Net::SSLeay; print Net::SSLeay::SSLeay_version(0),' (', sprintf('0x%x',Net::SSLeay::SSLeay()),\")\n\";"
OpenSSL 3.2.1 30 Jan 2024 (0x30200010)

C:\Program Files\GLPI-Agent\perl\bin>echo %PATH%
C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Users\raracelli\AppData\Local\Microsoft\WindowsApps;

C:\Program Files\GLPI-Agent\perl\bin>dir /S libssl*.dll
 O volume na unidade C é OS
 O Número de Série do Volume é 3665-B3AD

 Pasta de C:\Program Files\GLPI-Agent\perl\bin

14/05/2024  09:25         1.203.709 libssl-3__.dll
               1 arquivo(s)      1.203.709 bytes

     Total de Arquivos na Lista:
               1 arquivo(s)      1.203.709 bytes
               0 pasta(s)   438.012.575.744 bytes disponíveis

C:\Users\suporte\Downloads>ntldd "C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay\SSLeay.xs.dll"
        KERNEL32.dll => not found
        msvcrt.dll => not found
        libcrypto-3__.dll => not found
        libssl-3__.dll => not found
        perl538.dll => not found

g-bougard commented 1 month ago

I see another test to try:

MaxPresi commented 1 month ago

I see another test to try:

  • copy libssl-3__.dll & libcrypto-3__.dll from C:\Program Files\GLPI-Agent\perl\bin to the C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay folder.
  • see if glpi-agent request still report an error.

This solved the problem! Everything went without errors \o/

MarcSamD commented 1 month ago

  • copy libssl-3__.dll & libcrypto-3__.dll from C:\Program Files\GLPI-Agent\perl\bin to the C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay folder.

I also confirm that it solved the issue (even no need to restart GLPI-Agent). So I didn't try all your other tests above but let me know if you still need these information.

g-bougard commented 1 month ago

I didn't ask before, but did you have the same problem when setting no-ssl-check to 1 or ssl-fingerprint with the expected value ?

And also, in which mode do you use the agent ? Service or windows task ?

MarcSamD commented 1 month ago

I don't have this error if I enable no-ssl-check setting. The agent is running as a service.

~But now that I have disable again no-ssl-check and put back the 2 dll in the folder, I still get the certificate issue... I will try again Monday after a computer restart as I can't figure it out now.~ => Edit: I just forgot to re-apply the permission to the dll ("Replace all child object permission entries with inheritable permission entries" on SSLeay folder).

g-bougard commented 1 month ago

@MarcSamD ~There's maybe another alternative work-around for service mode in your case: as administrator, create a text file named glpi-win32-service.rc under C:\Program Files\GLPI-Agent\perl\bin, then edit it and use only the following content~

BEGIN {
    $ENV{OPENSSL_PREFIX} = "C:/Program Files/GLPI-Agent/perl/bin";
}

~Then restart the service.~

P.S.: Sorry, forget this I misunderstood a context when checking Net::SSLeay module documentation

g-bougard commented 1 month ago

For another confirmation, can you try to run the test this time by changing directory to the perl\bin subfolder of the agent and run as administrator ?

C:\Program Files\GLPI-Agent>cd perl\bin
C:\Program Files\GLPI-Agent\perl\bin>glpi-agent.exe glpi-agent --logger=stderr --debug --debug --force --task=Collect

g-bougard commented 1 month ago

Can you test replacing the perl\lib\setup.pm file from the installation folder by the one in the attached archive: setup.pm.zip

This version adds the following lines:

...
use Win32::API;
...
my $apiSetDllDirectory = Win32::API->new(
    'kernel32',
    'BOOL SetDllDirectoryA(LPCSTR lpPathName)'
);
$apiSetDllDirectory->Call($basefolder.'/perl/bin');

The purpose is to tell the system to use perl\bin as folder to search for DLLs for the current process.

I checked with SpyStudio-v2 and it seems to do what I expect.

g-bougard commented 1 month ago

Anyway, I pushed a commit to include this update. Can you try with next nightly build ?

MarcSamD commented 1 month ago

For another confirmation, can you try to run the test this time by changing directory to the perl\bin subfolder of the agent and run as administrator ?

Can you test replacing the perl\lib\setup.pm file from the installation folder by the one in the attached archive: setup.pm.zip

None is working. Same error:12800067.

g-bougard commented 1 month ago

Hi @MarcSamD

but can you confirm it still works when libssl-3__.dll & libcrypto-3__.dll are copied under C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay ?

MarcSamD commented 1 month ago

Yes, I confirm that this dll copy solution still works

g-bougard commented 1 month ago

Okay, I think I missed the path for SetDllDirectoryA API must be windows compliant... Can you try the setup.pm from the attached setup.pm.zip archive ?

It replaces:

$apiSetDllDirectory->Call($basefolder.'/perl/bin');

by:

$apiSetDllDirectory->Call(File::Spec->catdir($basefolder, 'perl', 'bin'));

MarcSamD commented 1 month ago

Not working

g-bougard commented 1 month ago

Can I ask you to run the 2 perl scripts from this test-ssl.zip archive ?

For that copy them under the GLPI-Agent installation folder, open an administrative console and change directory to the installation folder. Then run them as follow:

C:\Program Files\GLPI-Agent>perl\bin\glpi-agent.exe test-ssl.pl
...
C:\Program Files\GLPI-Agent>perl\bin\glpi-agent.exe test-ssl-2.pl
...

Then can you share the output of each one ? For the first, you can send it by email to not leak any private data.

The first script reproduces the ssl request test toward your GLPI but with more debug datas related to loaded openssl library and perl env. The second script only tries what seem to fail, i.e. loading C:\Program Files\GLPI-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem in a perl array.

g-bougard commented 1 month ago

Okay, I think I found it. Can you make a copy of perl\bin\zlib1__.dll into the same folder and rename it without the 2 underscores to have zlib1.dll ?

I'm changing the way openssl will try to load zlib DLL and use provided zlib1__.dll so I hope next nightly build will fix this problem.

MarcSamD commented 1 month ago

These 3 solutions independently work:

  1. Copy libssl-3__.dll & libcrypto-3__.dll from C:\Program Files\GLPI-Agent\perl\bin to C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay
  2. Copy C:\Program Files\GLPI-Agent\perl\bin\zlib1__.dll to C:\Program Files\GLPI-Agent\perl\vendor\lib\auto\Net\SSLeay\zlib1.dll
  3. Copy C:\Program Files\GLPI-Agent\perl\bin\zlib1__.dll to C:\Program Files\GLPI-Agent\perl\bin\zlib1.dll

g-bougard commented 1 month ago

The best now is to use latest nightly build which has updated openssl libraries and setDllDirectory call to help finding the right libraries.

Can any concerned people confirm the nightly build fixes the problem ?

Firewolf1337 commented 1 month ago

I can confirm that GLPI-Agent-1.9-git9965f8a2-x64.msi solved the problem on my side on several clients.

g-bougard commented 1 month ago

Hello,

GLPI-Agent 1.9 has just been published: https://github.com/glpi-project/glpi-agent/releases/tag/1.9