From 4bae28e3c6c4ace646dc7cce21bfbb599ee2b5a7 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Thu, 31 Mar 2022 18:08:29 +0100
Subject: [PATCH] Send X-AnyConnect-STRAP-Pubkey and X-AnyConnect-STRAP-DH-Pubkey
Unless we send both of these, the browser doesn't end up redirecting to localhost port 29786 at all. It just reports success. This makes me suspect that the cookie is actually *encrypted* and we need to decrypt it with the private key corresponding to the pubkey we provide.
---
 cstp.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cstp.c b/cstp.c
index d390973f..346f3539 100644
--- a/cstp.c
+++ b/cstp.c
@@ -1241,6 +1241,8 @@ void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *b
 buf_append(buf, "Accept: */*\r\n");
 buf_append(buf, "Accept-Encoding: identity\r\n");
 buf_append(buf, "X-Transcend-Version: 1\r\n");
+ buf_append(buf, "X-AnyConnect-STRAP-Pubkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE1kRZ46P1wUKuAWuQaJwjoFpqej5BGnr5ShFZlCKX7FeAaSNYuRUNmPFhp3idqEdlGYfEoGK60sQ0GxjAAnKqg==\r\n");
+ buf_append(buf, "X-AnyConnect-STRAP-DH-Pubkey: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElL0KYmYoCmQCHUntB5wdkTYuyyuB4IUBgWgEBpfYVEFhzPZcN8PMTjkM2f7VfpWDTTeUtefLHdtNSQFfkTiFlg==\r\n");
 if (vpninfo->xmlpost)
 buf_append(buf, "X-Aggregate-Auth: 1\r\n");
 if (vpninfo->try_http_auth)
--
2.50.1
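Review bot: The two `buf_append()` lines added to cstp_common_headers() send fixed base64 public-key constants, so every client and every session presents the same STRAP keys, and nothing in the hunk shows a matching private key held in `vpninfo`. If the commit message's suspicion is right and the server encrypts or binds the cookie to that key, the cookie either can never be decrypted or can be decrypted by anyone holding the private half of a key published in the source. The keys should be generated per session, with the private half kept in the session state and the header value built from it; until then mark the constants, e.g. `/* FIXME: placeholder STRAP keys, replace with a per-session EC keypair */`. The headers are also emitted unconditionally, whereas the neighbouring `X-Aggregate-Auth` header is gated on `vpninfo->xmlpost`; consider a similar condition so they go out only when the flow that needs them is active. The function body starts and ends outside the hunk.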