This function was added in d257a7e7cec848c58671ba7df8e035757bf10183
("Consolidate check_http_status from gpst.c and ppp.c").
With this change, there is no longer any place where OpenConnect *expects*
the exact string HTTP/1.1 from a server; it should now accept HTTP/%c.%c everywhere
(even in f5_dtls_catch_probe which handles HTTP-over-DTLS).
This simplifies fake-cisco-server.py, since we can now allow Flask to operate in
its default, naïve HTTP/1.0 mode, and not worry about the complicates of HTTP/1.1
connection reuse in this very simple server.
Signed-off-by: Daniel Lenski <email address hidden>
Make xmlnode_get_val() trim whitespace from XML node content
This is motivated by the fact that GlobalProtect portals often put extra
whitespace in the software version tag ('<version> 5.1.2-3
</version>'), and there is no case where we actually want to keep
leading/trailing whitespace.
The function fetch_and_trim() from xml.c already handles the needed
whitespace-trimming behavior, but we need to *duplicate* it (as
xmlnode_get_trimmed_val) in order to use it in both openconnect (the
application) and libopenconnect (the library), without making it a public
function of the library.
Signed-off-by: Daniel Lenski <email address hidden>
Interestingly, the GlobalProtect portal itself includes a server software
version identifier ('<version>X.Y.Z-W</version>' in the response to 'POST
/global-protect/getconfig.esp').
It appears that releases of the server and client software are closely
matched, so one approach to avoiding "client too old" errors is to simply
parrot the software version from the portal back to the gateway as the
*client* version. This commit does just that, (ab)using the
vpninfo->mobile_platform_version field to store the version identifier.
Getting the ICMPv6 packets to have correct checksums was quite tricky (see
commit notes) and the commit was revised several times.
Somehow we managed to remove the pre-existing code to compute the checksum
correctly in the case of ICMPv4 "magic pings", leaving behind an ICMPv4
checksum that's always zero (and thus rejected by the server, and never
correctly initiates a connection).
Signed-off-by: Daniel Lenski <email address hidden>
Strictly speaking, using memset() here violates strict aliasing rules,
and it would be entirely permissible for an assert() like this example
to *fail*:
We need to add four (for the characters we're about to append) *after*
checking against line_len and resetting ll to zero. Otherwise the first
line thinks it starts at 4 while the others start at 0.
Signed-off-by: David Woodhouse <email address hidden>