Newer AnyConnect installations may have compatibility issues with OpenConnect for several reasons: 1) The gateway may look for new HTTP headers that are currently missing (but recent versions of the AnyConnect client do send them). 2) The gateway can be configured to check those headers for information like the client's host OS, and deny access if it doesn't say e.g. "Windows." 3) They expect the auth POST data to be in XML format, rather than just a urlencoded query string. 4) They expect other information in the POST data (like copying an "opaque" field from the auth request). Some of this information is used for things like aborting the VPN connection if the server configuration has changed since the form was first rendered. 5) CSD/Hostscan looks like it might be more closely integrated with vpnui/vpn now. The gateway no longer provides a valid URL to the trojan binary, and it isn't clear how to run it on its own anymore. I took a crack at addressing these items, and it is working for me now. But there were quite a few changes and it would be good to get some additional review and/or test coverage. Web: https://github.com/cernekee/openconnect/commits/xmlpost-v1 The following changes since commit b65bf54c330d3d45414f004009cf6a94e37e33f9: Fix missing verb in Solaris error message (2012-10-22 17:00:05 +0100) are available in the git repository at: git://github.com/cernekee/openconnect xmlpost-v1 for you to fetch changes up to d7f91bbd038dcee3ca803a90d38f7456fe8229f2: stoken: Fix CSD/stoken interaction (2012-10-28 01:22:56 -0700) ---------------------------------------------------------------- Kevin Cernekee (21): openssl: Fix missing newline on "Failed to write" error string http: Split HTTP redirect and cookie clear logic into helper functions http: Fix overflow on HTTP request buffers http: Create add_common_headers() to simplify HTTP request code auth: Remove obsolete trace message from parse_form() auth: Move <auth> node parsing into a separate function auth: Introduce new XML helper functions for parse_auth_node() auth: Don't forget to free OC_FORM_OPT_STOKEN entries auth: Split auth form prompt logic from parsing logic auth: Parse the new server response format library: Add call to change reported OS name Allow setting reported OS from the command line auth: Add new XML POST capability http: Split GET/POST logic into a helper function http: Add new X-* HTTP headers http: Record the last redirection type csd: Don't return from run_csd_script() in the forked process csd: Export some useful environment variables http: Rewrite openconnect_obtain_cookie() loop Fix a couple of valgrind warnings stoken: Fix CSD/stoken interaction auth.c | 481 ++++++++++++++++++++++++++++++------- http.c | 620 ++++++++++++++++++++++++++++++++++-------------- libopenconnect.map.in | 5 + library.c | 41 +++- main.c | 15 +- openconnect-internal.h | 18 +- openconnect.h | 4 + openssl.c | 2 +- 8 files changed, 916 insertions(+), 270 deletions(-)
