修复bug

2025-06-14 10:17:38 +08:00 · 2025-06-14 10:17:38 +08:00 · 47b3cbe407
commit 47b3cbe407
parent 0cef097dfa
1 changed files with 22 additions and 14 deletions
--- a/app.py
+++ b/app.py
@ -375,12 +375,10 @@ def generate_crl(ca_id):
    if not ca:
        return False

-    # 将中文路径转换为拼音
    ca_dir = os.path.dirname(ca['cert_path'])
-    pinyin_name = to_pinyin(ca['name'])
-    crl_path = os.path.join(ca_dir, f"crl_{pinyin_name}.pem")
+    crl_path = os.path.join(ca_dir, f"crl_{ca['name']}.pem")

-    # 创建必要的配置文件
+    # 创建完整的OpenSSL配置文件
    openssl_cnf = f"""
    [ ca ]
    default_ca = CA_default
@ -391,13 +389,24 @@ def generate_crl(ca_id):
    private_key = {ca['key_path']}
    crl = {crl_path}
    RANDFILE = {os.path.join(ca_dir, '.rand')}
+    default_days = 365
+    default_crl_days = 30
+    default_md = sha256
+    preserve = no
+    policy = policy_anything
+
+    [ policy_anything ]
+    countryName = optional
+    stateOrProvinceName = optional
+    localityName = optional
+    organizationName = optional
+    organizationalUnitName = optional
+    commonName = optional
+    emailAddress = optional
    """

-    # 确保目录存在
-    os.makedirs(ca_dir, exist_ok=True)
-
    cnf_path = os.path.join(ca_dir, 'openssl.cnf')
-    with open(cnf_path, 'w', encoding='utf-8') as f:
+    with open(cnf_path, 'w') as f:
        f.write(openssl_cnf)

    # 确保index.txt存在
@ -410,9 +419,8 @@ def generate_crl(ca_id):
        subprocess.run([
            'openssl', 'ca', '-gencrl',
            '-config', cnf_path,
-            '-out', crl_path,
-            '-crldays', '30'
-        ], check=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE, encoding='utf-8')
+            '-out', crl_path
+        ], check=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE)

        # 更新数据库
        next_update = datetime.now() + timedelta(days=30)
@ -439,11 +447,11 @@ def generate_crl(ca_id):
                    cursor.close()
                    conn.close()
    except subprocess.CalledProcessError as e:
-        error_msg = f"OpenSSL错误: {e.stderr}" if e.stderr else "未知OpenSSL错误"
-        print(error_msg)
+        error_msg = e.stderr.decode() if e.stderr else "Unknown OpenSSL error"
+        print(f"OpenSSL error: {error_msg}")
        flash(f'CRL生成失败: {error_msg}', 'danger')
    except Exception as e:
-        print(f"CRL生成异常: {str(e)}")
+        print(f"Error generating CRL: {str(e)}")
        flash(f'CRL生成异常: {str(e)}', 'danger')

    return False