[Bug 1555562] Re: lastpass-cli changed bundled CA certificates

[Nafallo Bjälevik]

** Changed in: lastpass-cli (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: lastpass-cli (Ubuntu)
     Assignee: Nafallo Bjälevik (nafallo) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1555562

Title:
  lastpass-cli changed bundled CA certificates

Status in lastpass-cli package in Ubuntu:
  Fix Released
Status in lastpass-cli source package in Bionic:
  In Progress

Bug description:
  [Impact]

  lastpass.com provisioned a new SSL certificate on their servers.
  Their packaged client use their API via SSL, and pin which certificates are allowed to sign their certificate.
  Since the new certificate is signed by certificate not in the list, we need to patch it in for the client to allow connections.

  The client in it's current state is useless and errors out with:
  "Error: Peer certificate cannot be authenticated with given CA
  certificates." for all operations working against the API, which is
  almost all of them.

  Upstream bug: https://github.com/lastpass/lastpass-cli/issues/409
  Upstream fix: https://github.com/lastpass/lastpass-cli/commit/b888411b042df9414d1d78d99332b672e65c4eb9

  [Test Case]

  `lpass login test at example.com` will cause an error: "Error: Peer
  certificate cannot be authenticated with given CA certificates."

  [Regression Potential]

  The application is already unusable, but even if we consider a working
  version we're only adding a couple of SSL certificates to the
  validation list.

  [Other info]

  I would suggest we pocket copy lastpass-cli=1.0.0-1.2ubuntu2 from
  cosmic to bionic-proposed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lastpass-cli/+bug/1555562/+subscriptions