From 47b3cbe407dca3c539337579b5ea04f813a3c79b Mon Sep 17 00:00:00 2001
From: wzj <244142824@qq.com>
Date: Sat, 14 Jun 2025 10:17:38 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/app.py b/app.py
index 3b5b337..27fff5a 100644
--- a/app.py
+++ b/app.py
@@ -375,12 +375,10 @@ def generate_crl(ca_id):
     if not ca:
         return False
 
-    # 将中文路径转换为拼音
     ca_dir = os.path.dirname(ca['cert_path'])
-    pinyin_name = to_pinyin(ca['name'])
-    crl_path = os.path.join(ca_dir, f"crl_{pinyin_name}.pem")
+    crl_path = os.path.join(ca_dir, f"crl_{ca['name']}.pem")
 
-    # 创建必要的配置文件
+    # 创建完整的OpenSSL配置文件
     openssl_cnf = f"""
     [ ca ]
     default_ca = CA_default
@@ -391,13 +389,24 @@ def generate_crl(ca_id):
     private_key = {ca['key_path']}
     crl = {crl_path}
     RANDFILE = {os.path.join(ca_dir, '.rand')}
+    default_days = 365
+    default_crl_days = 30
+    default_md = sha256
+    preserve = no
+    policy = policy_anything
+
+    [ policy_anything ]
+    countryName = optional
+    stateOrProvinceName = optional
+    localityName = optional
+    organizationName = optional
+    organizationalUnitName = optional
+    commonName = optional
+    emailAddress = optional
     """
 
-    # 确保目录存在
-    os.makedirs(ca_dir, exist_ok=True)
-
     cnf_path = os.path.join(ca_dir, 'openssl.cnf')
-    with open(cnf_path, 'w', encoding='utf-8') as f:
+    with open(cnf_path, 'w') as f:
         f.write(openssl_cnf)
 
     # 确保index.txt存在
@@ -410,9 +419,8 @@ def generate_crl(ca_id):
         subprocess.run([
             'openssl', 'ca', '-gencrl',
             '-config', cnf_path,
-            '-out', crl_path,
-            '-crldays', '30'
-        ], check=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE, encoding='utf-8')
+            '-out', crl_path
+        ], check=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE)
 
         # 更新数据库
         next_update = datetime.now() + timedelta(days=30)
@@ -439,11 +447,11 @@ def generate_crl(ca_id):
                     cursor.close()
                     conn.close()
     except subprocess.CalledProcessError as e:
-        error_msg = f"OpenSSL错误: {e.stderr}" if e.stderr else "未知OpenSSL错误"
-        print(error_msg)
+        error_msg = e.stderr.decode() if e.stderr else "Unknown OpenSSL error"
+        print(f"OpenSSL error: {error_msg}")
         flash(f'CRL生成失败: {error_msg}', 'danger')
     except Exception as e:
-        print(f"CRL生成异常: {str(e)}")
+        print(f"Error generating CRL: {str(e)}")
         flash(f'CRL生成异常: {str(e)}', 'danger')
 
     return False