From 32d66a4cffb03f68319262e982c3309047add01c Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 21 Jun 2017 16:47:05 +0200 Subject: Verify raw content of auth header instead of decoded text. The decoded text representation is an educated guess by the Requests package. Patch by Magnus Ahltorp. --- tools/certtools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/certtools.py b/tools/certtools.py index 7a5f9fc..5aa2251 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -329,7 +329,7 @@ def http_request_session(url, data=None, key=None, verifynode=None, params=None, result.raise_for_status() authheader = result.headers.get('X-Catlfish-Auth') data = result.text - check_auth_header(authheader, verifynode, data, url_to_sign) + check_auth_header(authheader, verifynode, result.content, url_to_sign) return data def get_signature(baseurl, data, key=None): -- cgit v1.1