Page 1 of 1
Last Pass: Problem with ssl certificates and getting online
Posted: Fri 16 Aug 2013, 17:10
by redandwhitestripes
Hi guys,
I’m still running Precise on a frugal install.
I’m using a superb app called Last Pass, which is a vault for all passwords and uses encryption and various security measures. It features a portable app (called Pocket) that works from a USB so the user can login from a different computer and still be safe.
I’m test driving the portable app from home and it says it "cannot access internet, error frameopen(2)"
The debug from the console reads:
./pocket -d
(pocket:14336): Gtk-CRITICAL **: IA__gtk_widget_set_size_request: assertion ‘height >= -1' failed
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
^C
Now after some research I gather this is something to do with certificate validation. Last Pass themselves suggest running
.
Run 'sudo apt-get install ca-certificates libssl0.9.8' to update necessary packages
But of course I can’t do that. I’ve tried a few manual installs for libssl0.9.8 from debian sites but I still get the same problem.
An OSX user has had the same problem, it has been resolved but I can't follow the tech jargon:
https://forums.lastpass.com/viewtopic.php?t=719
Can anyone help?
Many thanks,
Greg
Posted: Fri 16 Aug 2013, 18:06
by Semme
Hello Greg,
You might have an update-ca-certificates script in /usr/sbin. Click it, then try your app.
If it's still a no-show, you should find this in PPM >> ca-certificates_20111211_all.deb
Posted: Fri 16 Aug 2013, 23:54
by redandwhitestripes
Thanks, I found the file and clicked it but no change. I serached google for that package you suggest as I couldn't find it in PPM. I installed it but still....
(pocket:28910): Gtk-CRITICAL **: IA__gtk_widget_set_size_request: assertion `height >= -1' failed
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
Posted: Sat 17 Aug 2013, 00:33
by Semme
That PPM didn't have the pkg suggests you update.
As for the certs, this dumps what:
curl -S https://lastpass.com
Since I've gotta be in bed early tonight, I'll leave you with a few
suggestions..
And others that may fly >>
caextract and
sslcerts.
FF >>
http://www.cyberciti.biz/faq/firefox-adding-trusted-ca/
==
What else you keep on this usb?
Your browser of choice?
==
Ahhh.. as I thought. The FF extension logs in without incident.
I suspect Pocket is expecting them somewhere they're not..
Posted: Sat 17 Aug 2013, 12:29
by redandwhitestripes
Thanks for your time. I followed the links you gave but SSL certification is something I have only a layman's knowledge of, so I can't link the information to my problem.
I found a directory /usr/share/ca-certificates and symlinked everything there to /etc/ssl/certs but still......
(pocket:15343): Gtk-CRITICAL **: IA__gtk_widget_set_size_request: assertion `height >= -1' failed
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 E(pocket:15343): Gtk-CRITICAL **: IA__gtk_widget_set_size_request: assertion `height >= -1' failed
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Errorrror String: Error
Handling POST
* error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Linux HTTP(S) Post failed
Code: 0 Error String: Error
I keep various other items on the USB, films, leters, etc. I've also installed Firefox Portable for Windows
Posted: Sat 17 Aug 2013, 14:00
by pemasu
Posted: Sat 17 Aug 2013, 16:47
by redandwhitestripes
That's worked Pemsu, thank you SO much, and thank you again Semme
Posted: Sun 18 Aug 2013, 05:01
by redandwhitestripes
OK on the same note, I'm now testing a second lastpass app called 'sesame', it's useful is it allows users to use their smartphone UUID only as a second layer of authentication.
The debug is now feeding me:
Connected to lastpass.com (128.121.22.133) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
Linux HTTP(S) Post failed
Code: 0 Error String: Peer certificate cannot be authenticated with known CA certificates
Handling POST
* About to connect() to lastpass.com port 443 (#0)
* Trying 38.127.167.7... * connected
* Connected to lastpass.com (38.127.167.7) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
Linux HTTP(S) Post failedConnected to lastpass.com (128.121.22.133) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
Linux HTTP(S) Post failed
Code: 0 Error String: Peer certificate cannot be authenticated with known CA certificates
Handling POST
* About to connect() to lastpass.com port 443 (#0)
* Trying 38.127.167.7... * connected
* Connected to lastpass.com (38.127.167.7) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
Linux HTTP(S) Post failed
Code: 0 Error String: Peer certificate cannot be authenticated with known CA certificates
I can see this is a certificate issue but I've manually typed the update command in the console.
Any suggestions? I've also reported the problem to lastpass.