From: Daniel Lenski Date: Tue, 26 Sep 2023 22:29:48 +0000 (-0700) Subject: Change default user-agent string to be compatible with newer Cisco servers X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=2b0a94b94e7effbe7874514e8bcdf5218103df9b;p=users%2Fdwmw2%2Fopenconnect.git Change default user-agent string to be compatible with newer Cisco servers See https://gitlab.com/openconnect/openconnect/-/issues/665 for a summary of this issue. This implements the simplest reasonable solution to the problem: Just Change The Defaultâ„¢ UA string. Short summary: Cisco did something stupidly backwards-incompatible in their authentication flow. It's hard to tell if it was due to incompetence or due to malice towards unofficial clients (https://gitlab.com/openconnect/openconnect/-/issues/635#note_1451782874) but it doesn't really matter. If merged, this should fix #544, #593, #602, #618, #635, #657, #662, and #665. Signed-off-by: Daniel Lenski --- diff --git a/main.c b/main.c index 196a1931..5d752cab 100644 --- a/main.c +++ b/main.c @@ -1774,7 +1774,7 @@ int main(int argc, char **argv) openconnect_init_ssl(); - vpninfo = openconnect_vpninfo_new("Open AnyConnect VPN Agent", + vpninfo = openconnect_vpninfo_new("AnyConnect-compatible OpenConnect VPN Agent", validate_peer_cert, NULL, process_auth_form_cb, write_progress, NULL); if (!vpninfo) { fprintf(stderr, _("Failed to allocate vpninfo structure\n")); diff --git a/www/changelog.xml b/www/changelog.xml index 47d7198d..330a49ed 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -18,6 +18,16 @@
  • Fix ASN.1 encoding of TPMv2 ECDSA signatures with GnuTLS < 3.6.0
  • Handle Pulse configuration packets that cannot fit in a single TLS frame (#617, !480).
  • Send operating system information to Pulse servers (!481).
    • +
  • Change default user-agent string to be compatible with newer Cisco servers ( + #544, + #593, + #602, + #618, + #635, + #657, + #662, + #665, + !497).

  • OpenConnect v9.12