Change default user-agent string to be compatible with newer Cisco servers

See https://gitlab.com/openconnect/openconnect/-/issues/665 for a summary of
this issue.

This implements the simplest reasonable solution to the problem: Just Change
The Default™ UA string.

Short summary: Cisco did something stupidly backwards-incompatible in their
authentication flow.  It's hard to tell if it was due to incompetence or due
to malice towards unofficial clients
(https://gitlab.com/openconnect/openconnect/-/issues/635#note_1451782874)
but it doesn't really matter.

If merged, this should fix #544, #593, #602, #618, #635, #657, #662,
and #665.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/main.c b/main.c
index 196a193142c723d8801d7251cf977dc8bfb26cc1..5d752cab9b2515592ddf8a3574bab1f36cc7dbaf 100644 (file)
--- a/main.c
+++ b/main.c
@@ -1774,7 +1774,7 @@ int main(int argc, char **argv)
 
        openconnect_init_ssl();
 
-       vpninfo = openconnect_vpninfo_new("Open AnyConnect VPN Agent",
+       vpninfo = openconnect_vpninfo_new("AnyConnect-compatible OpenConnect VPN Agent",
                validate_peer_cert, NULL, process_auth_form_cb, write_progress, NULL);
        if (!vpninfo) {
                fprintf(stderr, _("Failed to allocate vpninfo structure\n"));

diff --git a/www/changelog.xml b/www/changelog.xml
index 47d7198de33287d027557e32355e5c4f0665e8db..330a49edec754460794ccb658c30041c6108d160 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -18,6 +18,16 @@
        <li>Fix ASN.1 encoding of TPMv2 ECDSA signatures with GnuTLS &amp;lt; 3.6.0</li>
        <li>Handle Pulse configuration packets that cannot fit in a single TLS frame (<a href="https://gitlab.com/openconnect/openconnect/-/issues/617">#617</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/480">!480</a>).</li>
        <li>Send operating system information to Pulse servers (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/481">!481</a>).</li>
+       <li>Change default user-agent string to be compatible with newer Cisco servers (
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/544">#544</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/593">#593</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/602">#602</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/618">#618</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/635">#635</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/657">#657</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/662">#662</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/issues/665">#665</a>,
+         <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/497">!497</a>).</li>
      </ul><br/>
   </li>
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-9.12.tar.gz">OpenConnect v9.12</a></b>