** Changed in: lastpass-cli (Ubuntu Bionic)
     Assignee: (unassigned) => Nafallo Bjälevik (nafallo)

** Changed in: lastpass-cli (Ubuntu Bionic)
       Status: New => In Progress

** Description changed:

- When I try to login into my account using lastpass-cli (lpass login
- usern...@server.com), it respond with error:
+ [Impact]
  
- Error: Peer certificate cannot be authenticated with given CA
- certificates.
+ lastpass.com provisioned a new SSL certificate on their servers.
+ Their packaged client use their API via SSL, and pin which certificates are 
allowed to sign their certificate.
+ Since the new certificate is signed by certificate not in the list, we need 
to patch it in for the client to allow connections.
  
- Several day ago it worked.
+ The client in it's current state is useless and errors out with: "Error:
+ Peer certificate cannot be authenticated with given CA certificates."
+ for all operations working against the API, which is almost all of them.
  
- I found this ticket at their project site:
+ Upstream bug: https://github.com/lastpass/lastpass-cli/issues/409
+ Upstream fix: 
https://github.com/lastpass/lastpass-cli/commit/b888411b042df9414d1d78d99332b672e65c4eb9
  
- https://github.com/lastpass/lastpass-cli/issues/88
+ [Test Case]
  
- Unfortunately, github is unreachable from my place whole day. So I cannot 
check this link or try to install app from sources.
- So, I'll try to describe issue as I remember it.
+ `lpass login t...@example.com` will cause an error: "Error: Peer
+ certificate cannot be authenticated with given CA certificates."
  
- As far as I can understand, developers of this tool changed approach to how 
they use CA certificates in the app recently.
- Also they migrated to another certificate issuer, consequentially, 
certificate changed on the lastpass.com site.
- But older version of app, which is contained in Ubuntu's repository uses more 
old approach and bundled old certificate.
+ [Regression Potential]
  
- If I understand right, newer version should exchange with server and
- update certificate automatically, but this version is not in the
- Ubuntu's repo yet. If my assumption is right, than someone should update
- package in the repo.
+ The application is already unusable, but even if we consider a working
+ version we're only adding a couple of SSL certificates to the validation
+ list.
  
- ProblemType: Bug
- DistroRelease: Ubuntu 15.10
- Package: lastpass-cli 0.5.0-1
- ProcVersionSignature: Ubuntu 4.2.0-30.36-generic 4.2.8-ckt3
- Uname: Linux 4.2.0-30-generic x86_64
- ApportVersion: 2.19.1-0ubuntu5
- Architecture: amd64
- CurrentDesktop: xsession
- Date: Thu Mar 10 16:55:27 2016
- InstallationDate: Installed on 2016-03-08 (1 days ago)
- InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
- SourcePackage: lastpass-cli
- UpgradeStatus: No upgrade log present (probably fresh install)
+ [Other info]
+ 
+ I would suggest we pocket copy lastpass-cli=1.0.0-1.2ubuntu2 from cosmic
+ to bionic-proposed.

** Tags removed: amd64 apport-bug wily
** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1555562

Title:
  lastpass-cli changed bundled CA certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lastpass-cli/+bug/1555562/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to