lastpass-cli changed bundled CA certificates
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lastpass-cli (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Nafallo Bjälevik |
Bug Description
[Impact]
lastpass.com provisioned a new SSL certificate on their servers.
Their packaged client uses their API via SSL, and pins which certificates are allowed to sign their certificate.
Since the new certificate is signed by a certificate not in the list, we need to patch it in for the client to allow connections.
The client in its current state is useless and errors out with: "Error: Peer certificate cannot be authenticated with given CA certificates." for all operations working against the API, which is almost all of them.
Upstream bug: https:/
Upstream fix: https:/
[Test Case]
`lpass login <email address hidden>` will cause an error: "Error: Peer certificate cannot be authenticated with given CA certificates."
[Regression Potential]
The application is already unusable, but even if we consider a working version we're only adding a couple of SSL certificates to the validation list.
[Other info]
I would suggest we pocket copy lastpass-
Changed in lastpass-cli (Ubuntu): | |
assignee: | nobody → Nafallo Bjälevik (nafallo) |
status: | Confirmed → In Progress |
Changed in lastpass-cli (Ubuntu Bionic): | |
assignee: | nobody → Nafallo Bjälevik (nafallo) |
status: | New → In Progress |
description: | updated |
tags: | added: verification-needed-bionic removed: amd64 apport-bug wily |
Changed in lastpass-cli (Ubuntu): | |
status: | Fix Committed → Fix Released |
assignee: | Nafallo Bjälevik (nafallo) → nobody |
tags: | added: verification-done |
Status changed to 'Confirmed' because the bug affects multiple users.
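
The failure described under [Impact], reproduced offline as an added example (not code from lastpass-cli or the Ubuntu package): a server certificate issued by a CA that is missing from the client's bundled list is rejected until that CA is added. All CA names, keys and file names are constructed for the illustration, and `openssl verify` stands in for the client's own validation.

```shell
#!/usr/bin/env bash
# Constructed reproduction: every key and certificate is generated locally
# under example.test names; none of it is lastpass-cli's real bundle.
set -u

# make_ca <name>: self-signed CA certificate <name>.pem with key <name>.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_leaf <ca> <leaf>: server certificate <leaf>.pem signed by <ca>
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

# chain_ok <bundle> <cert>: succeeds only if <cert> chains to a CA in <bundle>.
# -no-CApath keeps the system trust store out of the decision, as pinning does.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && cd "$work" || exit 1

make_ca old-ca                 # CA present in the bundle the client shipped with
make_ca new-ca                 # CA that signed the rotated server certificate
issue_leaf new-ca server       # what the server presents after the rotation

cp old-ca.pem pinned.pem                   # bundle as shipped
cat old-ca.pem new-ca.pem > patched.pem    # bundle with the new CA added

for bundle in pinned.pem patched.pem; do
    if chain_ok "$bundle" server.pem; then
        echo "$bundle: server certificate accepted"
    else
        echo "$bundle: rejected, issuing CA is not in the bundle"
    fi
done
```

Running the same check against a staging endpoint's certificate before a rotation shows whether shipped clients will keep connecting.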