Some updates:
I patched and compiled the latest version of openconnect 2.26 and it works!

BUT (there's always a but ...)

I need some help here. I'm still on PR1.2 (lazy, I know) and the SDK is on PR1.3. When I'm building the DEB file, it receives a dependency of libssl >=0.9.8m.

So it doesn't install on mine, as I have version 0.9.8e from PR1.2.
But when looking in detail at my libssl package in FAP, I see there's now a 0.9.8n version available. I upgraded to that one (it also upgraded openssl alongside) and as expected, it now accepts and installs my new openconnect 2.26 DEB.

Can people check if libssl 0.9.8n is indeed the version supplied with PR1.3?

First hurdle taken.

Then, when connecting via the openconnect-gui, using the 2.26 version (no other changes), I'm getting a nice error log message about the server certificate not being verifiable due to missing local issuer certificate and asking if I want to accept the certificate anyway. Of course, the openconnect-gui doesn't handle this user input situation.

When running openconnect in xterm, I can enter 'yes' and it connects fine to my VPN server, all fine, as planned.

I think I can also override this check when calling the openconnect command, executed by the openconnect-gui, so there is no user issue with this. It might be a bit less safe. But not less safe than when using the current 2.12 solution, as that one doesn't care at all about the server certificate anyway.
Do people like this proposed (eyes closed) behaviour?

The very good thing about the new openssl 0.9.8n version is the fact it seems to allow DTLS. No need for the default option (--no-dtls) anymore. Yes!!
This should allow performance gains in dropped packets environments, like 3G connections.

Of course further testing should happen, as there were some other strange messages on screen, about a dead peer. The connection is made fine though, data routed through the VPN.
I'll look into that issue if proven troublesome for some.

So if people confirm the version in PR1.3 and the preferred wanted behaviour concerning the accepting of the server certificate, I can then make the required changes and get a new GUI version out.

For people who want to follow along, here's the latest, working openconnect 2.26 DEB.

Again, all requests/info are welcome. If time permits, I'll work on them.

PS. I really need to get my stuff in garage now, getting it properly registered and using autobuild!
Maybe when I have a version of both packages, where people are happy with...

PS2. Maybe I can create my own openconnect VPN status applet, such as the one from VPNC.
Attached Files
File Type: deb openconnect_2.26-1maemo_armel.deb (43.9 KB, 181 views)

Last edited by Netweaver; 2011-01-28 at 16:30. Reason: extra info
 
