From fed5afd41ace0817d7bbd6ff465bddc7537b7abf Mon Sep 17 00:00:00 2001
From: wzj <244142824@qq.com>
Date: Sat, 14 Jun 2025 11:39:54 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app.py | 87 +++++++++++++++++++++++++++++++++++----------------------
1 file changed, 53 insertions(+), 34 deletions(-)
diff --git a/app.py b/app.py
index c436ad8..1c73848 100644
--- a/app.py
+++ b/app.py
@@ -249,36 +249,45 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
 # 创建CSR配置文件
 csr_config = f"""[req]
- default_bits = {key_size}
- prompt = no
- default_md = sha256
- distinguished_name = dn
- req_extensions = req_ext
+default_bits = {key_size}
+prompt = no
+default_md = sha256
+distinguished_name = dn
+"""
- [dn]
- CN = {common_name}
- O = {organization}
- OU = {organizational_unit}
- C = {country}
- ST = {state}
- L = {locality}
+ # 只有在有SAN时才添加扩展部分
+ has_san = bool(san_dns or san_ip)
+ if has_san:
+ csr_config += "req_extensions = req_ext\n"
- [req_ext]
- subjectAltName = @alt_names
+ csr_config += f"""
+[dn]
+CN = {common_name}
+O = {organization}
+OU = {organizational_unit}
+C = {country}
+ST = {state}
+L = {locality}
+"""
- [alt_names]"""
+ if has_san:
+ csr_config += """
+[req_ext]
+subjectAltName = @alt_names
- # 添加DNS SAN条目
- if san_dns:
- dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()]
- for i, dns in enumerate(dns_entries, 1):
- csr_config += f"\nDNS.{i} = {dns}"
+[alt_names]"""
- # 添加IP SAN条目
- if san_ip:
- ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()]
- for i, ip in enumerate(ip_entries, 1):
- csr_config += f"\nIP.{i} = {ip}"
+ # 添加DNS SAN条目
+ if san_dns:
+ dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()]
+ for i, dns in enumerate(dns_entries, 1):
+ csr_config += f"\nDNS.{i} = {dns}"
+
+ # 添加IP SAN条目
+ if san_ip:
+ ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()]
+ for i, ip in enumerate(ip_entries, 1):
+ csr_config += f"\nIP.{i} = {ip}"
 # 确保配置文件不以空行结尾
 csr_config = csr_config.strip()
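Review bot: The values interpolated into `csr_config` (`common_name`, `organization`, the other `[dn]` fields and each SAN entry) are written into the OpenSSL config unchecked, so a value containing a line break would add its own lines or sections to the file; whether callers validate them is not visible in this hunk. Reject `\r` and `\n` in every field before building the template, and parse each IP entry with `ipaddress.ip_address(ip)` so only real addresses reach `[alt_names]`. Separately, `has_san = bool(san_dns or san_ip)` is true for input such as `" "` or `","`, which yields no entries and leaves `[alt_names]` empty; build `dns_entries` and `ip_entries` first and use `has_san = bool(dns_entries or ip_entries)`. The body of create_certificate starts and ends outside the hunk.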
@@ -288,17 +297,27 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
 f.write(csr_config)
 # 生成CSR
- subprocess.run([
- 'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
- '-config', config_path
- ], check=True)
+ try:
+ subprocess.run([
+ 'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
+ '-config', config_path
+ ], check=True)
+ except subprocess.CalledProcessError as e:
+ print(f"OpenSSL错误: {e}")
+ print("CSR配置文件内容:")
+ print(csr_config)
+ return None
 # 使用CA签名证书
- subprocess.run([
- 'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
- '-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
- '-days', str(days_valid), '-sha256'
- ], check=True)
+ try:
+ subprocess.run([
+ 'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
+ '-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
+ '-days', str(days_valid), '-sha256'
+ ], check=True)
+ except subprocess.CalledProcessError as e:
+ print(f"签名证书错误: {e}")
+ return None
 # 计算过期时间
 expires_at = datetime.now() + timedelta(days=days_valid)
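Review bot: The signing call `openssl x509 -req` passes no extension source, so the `subjectAltName` requested in the CSR is not carried into the issued certificate; `x509 -req` ignores CSR extensions unless told otherwise. When SAN entries exist, append `'-extfile', config_path, '-extensions', 'req_ext'` to the argument list so the certificate gets the names from the generated config. Both new `except` branches also return `None` and leave `key_path`, `csr_path` and `config_path` on disk, and `FileNotFoundError` (no `openssl` binary) is not caught. Cleanup may happen outside the hunk, which does not show the rest of create_certificate.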