** Changed in: lastpass-cli (Ubuntu Bionic) Assignee: (unassigned) => Nafallo Bjälevik (nafallo)
** Changed in: lastpass-cli (Ubuntu Bionic) Status: New => In Progress ** Description changed: - When I try to login into my account using lastpass-cli (lpass login - usern...@server.com), it respond with error: + [Impact] - Error: Peer certificate cannot be authenticated with given CA - certificates. + lastpass.com provisioned a new SSL certificate on their servers. + Their packaged client use their API via SSL, and pin which certificates are allowed to sign their certificate. + Since the new certificate is signed by certificate not in the list, we need to patch it in for the client to allow connections. - Several day ago it worked. + The client in it's current state is useless and errors out with: "Error: + Peer certificate cannot be authenticated with given CA certificates." + for all operations working against the API, which is almost all of them. - I found this ticket at their project site: + Upstream bug: https://github.com/lastpass/lastpass-cli/issues/409 + Upstream fix: https://github.com/lastpass/lastpass-cli/commit/b888411b042df9414d1d78d99332b672e65c4eb9 - https://github.com/lastpass/lastpass-cli/issues/88 + [Test Case] - Unfortunately, github is unreachable from my place whole day. So I cannot check this link or try to install app from sources. - So, I'll try to describe issue as I remember it. + `lpass login t...@example.com` will cause an error: "Error: Peer + certificate cannot be authenticated with given CA certificates." - As far as I can understand, developers of this tool changed approach to how they use CA certificates in the app recently. - Also they migrated to another certificate issuer, consequentially, certificate changed on the lastpass.com site. - But older version of app, which is contained in Ubuntu's repository uses more old approach and bundled old certificate. + [Regression Potential] - If I understand right, newer version should exchange with server and - update certificate automatically, but this version is not in the - Ubuntu's repo yet. If my assumption is right, than someone should update - package in the repo. + The application is already unusable, but even if we consider a working + version we're only adding a couple of SSL certificates to the validation + list. - ProblemType: Bug - DistroRelease: Ubuntu 15.10 - Package: lastpass-cli 0.5.0-1 - ProcVersionSignature: Ubuntu 4.2.0-30.36-generic 4.2.8-ckt3 - Uname: Linux 4.2.0-30-generic x86_64 - ApportVersion: 2.19.1-0ubuntu5 - Architecture: amd64 - CurrentDesktop: xsession - Date: Thu Mar 10 16:55:27 2016 - InstallationDate: Installed on 2016-03-08 (1 days ago) - InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021) - SourcePackage: lastpass-cli - UpgradeStatus: No upgrade log present (probably fresh install) + [Other info] + + I would suggest we pocket copy lastpass-cli=1.0.0-1.2ubuntu2 from cosmic + to bionic-proposed. ** Tags removed: amd64 apport-bug wily ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1555562 Title: lastpass-cli changed bundled CA certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lastpass-cli/+bug/1555562/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs