Closed stfnhh closed 11 months ago
Hello, I believe it would be preferable to append new thumbprints at the end without removing the preceding ones to maintain the history. Additionally, you seem to have overlooked adding the thumbprint associated with lastpass.eu.
Could you amend your commit using this information instead?
/* fix 2023-08-29 lastpass.com (leaf) */
"YDjIAXSYj+mh+25FGifAiKN4oNOAj+as6gQv4naQG0M=",
/* fix 2023-08-29 lastpass.eu (leaf) */
"SjMnNhjAyVM5Yv6O5JaQgNygBTU0wdb8Jz3mfQfTc28="
As mentioned in https://github.com/lastpass/lastpass-cli/issues/653 this PR should really be changed to pin to "GlobalSign ECC Root CA - R5" instead of the actual certificate.
I have tried to change the pins.h to include:
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8=
and rebuild the lastpass-cli and this works.
The certificate was found by going to GlobalSign and find the root ca certificate for the lastpass.com certificate (https://secure.globalsign.net/cacert/Root-R5.crt).
As mentioned in https://github.com/lastpass/lastpass-cli/issues/653 this PR should really be changed to pin to "GlobalSign ECC Root CA - R5" instead of the actual certificate.
I have tried to change the pins.h to include:
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8=
and rebuild the lastpass-cli and this works.
The certificate was found by going to GlobalSign and find the root ca certificate for the lastpass.com certificate (https://secure.globalsign.net/cacert/Root-R5.crt).
That would postpone the next malfunction to 2028 instead of next year! (If they sign their next certificate using the same certification chain. => If they change the certification authority, however...)
Looks like this PR was made obsolete by https://github.com/lastpass/lastpass-cli/pull/655 which is already merged.
Thank you for the help! 1.3.6 release should contain this fix, so I close this PR.
Fix for #653