[PATCH] add per-protocol override for HTTP User-Agent

Daniel Lenski dlenski at gmail.com
Sun Dec 17 14:57:33 PST 2017


On Sun, Dec 17, 2017 at 12:30 PM, Daniel Lenski <dlenski at gmail.com> wrote:
> This patch is intended to support protocols, like GlobalProtect, which
> require a specific User-Agent header value to be set in order to work
> correctly.

It would basically be a slightly more generic version of what David
added in: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/4387e14cf4183d4603b42d5e98583904d8579f3c

> It could be written in other ways (for example, a callable function to
> add the appropriate HTTP header, rather than a fixed string), but in
> the absence of any known use for a more complex version, this seems
> like the most straightforward approach.

The expectation that OpenConnect can use an HTTPS User-Agent header
based on a truthful name and version of the connecting software is
fairly deeply embedded in the API right now and it's probably a good
idea to keep it. I believe it works fine for all, or nearly all,
AnyConnect and Juniper VPNs. I've certainly never found one where I
*had* to override the User-Agent string in order for the server to let
me connect.

However, there *are* some cases where Juniper servers generate much
simpler-to-parse HTML forms if they are accessed with "User-Agent:
ncsvc", which is the value sent by the mini-HTML-browser built into
the official NC clients' connection GUI. I mentioned one such example
which I've exploited here:
http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004190.html

-Dan



More information about the openconnect-devel mailing list