From 4ec7a9d1e9cf31d9cc00c81578ffb52d15f91181 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Fri, 17 Mar 2017 00:50:27 +0100
Subject: Verify http auth signature correctly. Don't interpret http contents when content type is "application/octet-stream".
---
 tools/certtools.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/certtools.py b/tools/certtools.py
index 7a5f9fc..cb56a8d 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -328,8 +328,11 @@ def http_request_session(url, data=None, key=None, verifynode=None, params=None,
 result = session.send(prepared_req, verify=sslparameters.cafile)
 result.raise_for_status()
 authheader = result.headers.get('X-Catlfish-Auth')
- data = result.text
- check_auth_header(authheader, verifynode, data, url_to_sign)
+ if result.headers['Content-Type'] == "application/octet-stream":
+ data = result.content
+ else:
+ data = result.text
+ check_auth_header(authheader, verifynode, result.content, url_to_sign)
 return data

 def get_signature(baseurl, data, key=None):
-- 
cgit v1.1
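Review bot: The new `result.headers['Content-Type']` lookup raises `KeyError` on a response that carries no such header, and it sits ahead of `check_auth_header`, so the response is already being interpreted (header indexing, then `result.text` charset decoding) before its signature has been checked. Calling `check_auth_header(authheader, verifynode, result.content, url_to_sign)` first and only then branching on `result.headers.get('Content-Type') == "application/octet-stream"` keeps all parsing behind the verification and matches the `.get` already used for `X-Catlfish-Auth`. The visible arguments suggest the signature covers the body and URL but not the headers, so the Content-Type value that selects bytes versus text is presumably unauthenticated; a short comment saying that this choice is not security-relevant, or why, would help. The exact string comparison also sends a value with parameters (a `; charset=` suffix, for instance) down the `result.text` path. The body of `http_request_session` starts above the hunk, so how a failed check is reported is not visible here.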