1. fix issues #365 #366

xpf0000 · xpf0000 · commit 9c39a14323f4 · 2025-07-13T22:19:29.000+08:00
diff --git a/build/helper.js b/build/helper.js
diff --git a/src/fork/module/Tool.win.ts b/src/fork/module/Tool.win.ts
@@ -114,12 +114,16 @@ class Manager extends Base {
         await execPromise(command)
 
         process.chdir(param.savePath)
-        command = `echo basicConstraints=CA:true > "${caFileName}.cnf"`
-        await execPromise(command)
 
         const caCRT = join(param.savePath, `${caFileName}.crt`)
         const caCnf = join(param.savePath, `${caFileName}.cnf`)
 
+        const cnf = `basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer`
+        await writeFile(caCnf, cnf)
+
         process.chdir(dirname(openssl))
         command = `${basename(openssl)} x509 -req -in "${caCSR}" -signkey "${caKey}" -out "${caCRT}" -extfile "${caCnf}" -sha256 -days 3650`
         await execPromise(command)
diff --git a/src/fork/module/host/SSL.ts b/src/fork/module/host/SSL.ts
@@ -121,7 +121,7 @@ subjectAltName=@alt_names
             resolve(false)
             return
           }
-          await Helper.send('host', 'sslAddTrustedCert', CADir)
+          await Helper.send('host', 'sslAddTrustedCert', CADir, 'FlyEnv-Root-CA.crt')
           const res: any = await Helper.send('host', 'sslFindCertificate', CADir)
           if (!res.stdout.includes('FlyEnv-Root-CA') && !res.stderr.includes('FlyEnv-Root-CA')) {
             resolve(false)
diff --git a/src/helper/module/Host.ts b/src/helper/module/Host.ts
@@ -2,11 +2,11 @@ import { BaseManager } from './Base'
 import { execPromise } from '../util'
 
 class Manager extends BaseManager {
-  sslAddTrustedCert(cwd: string): Promise<boolean> {
+  sslAddTrustedCert(cwd: string, caName: string): Promise<boolean> {
     return new Promise(async (resolve, reject) => {
       try {
         await execPromise(
-          `security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "FlyEnv-Root-CA.crt"`,
+          `security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "${caName}"`,
           {
             cwd
           }
diff --git a/src/main/core/AppHelper.ts b/src/main/core/AppHelper.ts
@@ -10,7 +10,7 @@ const SOCKET_PATH = '/tmp/flyenv-helper.sock'
 
 class AppHelper {
   state: 'normal' | 'installing' | 'installed' = 'normal'
-  version = 5
+  version = 6
   check() {
     console.time('AppHelper check')
     return new Promise((resolve, reject) => {
diff --git a/src/render/components/Tools/SSLMake/Index.vue b/src/render/components/Tools/SSLMake/Index.vue
@@ -173,7 +173,7 @@
       if (!exists) {
         let command = `openssl genrsa -out "${caFileName}.key" 2048;`
         command += `openssl req -new -key "${caFileName}.key" -out "${caFileName}.csr" -sha256 -subj "/CN=Dev Root CA ${caFileName}";`
-        command += `echo "basicConstraints=CA:true" > "${caFileName}.cnf";`
+        command += `echo "basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\nsubjectKeyIdentifier = hash\nauthorityKeyIdentifier = keyid:always,issuer" > "${caFileName}.cnf";`
         command += `openssl x509 -req -in "${caFileName}.csr" -signkey "${caFileName}.key" -out "${caFileName}.crt" -extfile "${caFileName}.cnf" -sha256 -days 3650;`
         await exec.exec(command, opt)
       }

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ subjectAltName=@alt_names`
`121`	`121`	`resolve(false)`
`122`	`122`	`return`
`123`	`123`	`}`
`124`		`- await Helper.send('host', 'sslAddTrustedCert', CADir)`
	`124`	`+ await Helper.send('host', 'sslAddTrustedCert', CADir, 'FlyEnv-Root-CA.crt')`
`125`	`125`	`const res: any = await Helper.send('host', 'sslFindCertificate', CADir)`
`126`	`126`	`if (!res.stdout.includes('FlyEnv-Root-CA') && !res.stderr.includes('FlyEnv-Root-CA')) {`
`127`	`127`	`resolve(false)`
Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,11 @@ import { BaseManager } from './Base'`
`2`	`2`	`import { execPromise } from '../util'`
`3`	`3`
`4`	`4`	`class Manager extends BaseManager {`
`5`		`- sslAddTrustedCert(cwd: string): Promise<boolean> {`
	`5`	`+ sslAddTrustedCert(cwd: string, caName: string): Promise<boolean> {`
`6`	`6`	`return new Promise(async (resolve, reject) => {`
`7`	`7`	`try {`
`8`	`8`	`await execPromise(`
`9`		- `security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "FlyEnv-Root-CA.crt"`,
	`9`	+ `security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "${caName}"`,
`10`	`10`	`{`
`11`	`11`	`cwd`
`12`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,7 @@`
`173`	`173`	`if (!exists) {`
`174`	`174`	let command = `openssl genrsa -out "${caFileName}.key" 2048;`
`175`	`175`	command += `openssl req -new -key "${caFileName}.key" -out "${caFileName}.csr" -sha256 -subj "/CN=Dev Root CA ${caFileName}";`
`176`		- command += `echo "basicConstraints=CA:true" > "${caFileName}.cnf";`
	`176`	+ command += `echo "basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\nsubjectKeyIdentifier = hash\nauthorityKeyIdentifier = keyid:always,issuer" > "${caFileName}.cnf";`
`177`	`177`	command += `openssl x509 -req -in "${caFileName}.csr" -signkey "${caFileName}.key" -out "${caFileName}.crt" -extfile "${caFileName}.cnf" -sha256 -days 3650;`
`178`	`178`	`await exec.exec(command, opt)`
`179`	`179`	`}`