Send X-AnyConnect-STRAP-Pubkey and X-AnyConnect-STRAP-DH-Pubkey
authorDavid Woodhouse <dwmw2@infradead.org>
Thu, 31 Mar 2022 17:08:29 +0000 (18:08 +0100)
committerDavid Woodhouse <dwmw2@infradead.org>
Thu, 31 Mar 2022 17:08:29 +0000 (18:08 +0100)
Unless we send both of these, the browser doesn't end up redirecting
to localhost port 29786 at all. It just reports success.

This makes me suspect that the cookie is actually *encrypted* and we need
to decrypt it with the private key corresponding to the pubkey we provide.

cstp.c

diff --git a/cstp.c b/cstp.c
index d390973f3a1b949fe1da49152b45a1a46d8f800d..346f353980c4e8f4c65830f06b1abcfae6fcd9c0 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -1241,6 +1241,8 @@ void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *b
        buf_append(buf, "Accept: */*\r\n");
        buf_append(buf, "Accept-Encoding: identity\r\n");
        buf_append(buf, "X-Transcend-Version: 1\r\n");
+       buf_append(buf, "X-AnyConnect-STRAP-Pubkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE1kRZ46P1wUKuAWuQaJwjoFpqej5BGnr5ShFZlCKX7FeAaSNYuRUNmPFhp3idqEdlGYfEoGK60sQ0GxjAAnKqg==\r\n");
+       buf_append(buf, "X-AnyConnect-STRAP-DH-Pubkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElL0KYmYoCmQCHUntB5wdkTYuyyuB4IUBgWgEBpfYVEFhzPZcN8PMTjkM2f7VfpWDTTeUtefLHdtNSQFfkTiFlg==\r\n");
        if (vpninfo->xmlpost)
                buf_append(buf, "X-Aggregate-Auth: 1\r\n");
        if (vpninfo->try_http_auth)
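Review bot: The two added `buf_append()` lines send fixed, source-embedded public keys in `X-AnyConnect-STRAP-Pubkey` and `X-AnyConnect-STRAP-DH-Pubkey`, so every client and session presents the same keys, and nothing in this hunk retains a matching private half. If the server encrypts or binds the cookie to these keys, as the commit message suspects, the client cannot use the result, and any private key later committed to match them would be shared by all users. The values appear to be P-256 SubjectPublicKeyInfo blobs; they should be generated per session (the DH key fresh for each attempt) and until then be marked, e.g. `/* FIXME: placeholder STRAP keys; replace with per-session keypairs whose private halves are kept in vpninfo */`. The headers are also appended unconditionally, unlike the `vpninfo->xmlpost` and `vpninfo->try_http_auth` cases just below, so they go out on every request built by this function; consider gating them on the SSO flow. The body of `cstp_common_headers` starts and ends outside the hunk.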