invoke openconnect with originally-input server hostname rather than IP, to ensure that 'Host: ' header matches originally-input hostname
Previously, NM-oc invoked openconnect --servercert $HASH $IP:$PORT
for the connection phase. This causes problems for VPN servers implemented as name-based vhosts, where a Host: [IPv4_address]
header in the HTTPS request(s) will lead to errors. See #46 (closed) for an example.
With this change, NM-oc invokes openconnect --servercert $HASH --resolve $HOSTNAME:$IP $HOSTNAME:$PORT
, which ensures that the Host:
header contains a real hostname wherever possible and leaves certificate handling unchanged.
Tested by @Nephyrin in #46 (comment 1015652)
UPDATE: I've also incorporated a fix for #18 here (see discussion in !14 (comment 1016563)), since it also fits in closely with the handling of the gateway string.