[Bug] SSL connection over socks5 reports an error #1

Open
5 of 6 tasks
jinsongzhao opened this issue Feb 26, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@jinsongzhao

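Prerequisites

  • I understand that this is the official open-source Clash core repository, which only provides support for the open-source or Premium core
  • I am submitting an issue with the Clash core, not with Clash.Meta / OpenClash / ClashX / Clash For Windows or any other derivative version
  • I am using the latest version of the Clash or Clash Premium core from this repository
  • I have searched the Issue Tracker for the bug I want to report and did not find a related issue
  • I have read the official Wiki carefully and cannot resolve the problem myself
  • (Required for non-Premium core) I have tested with the dev branch version and the problem persists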

Version

v2.0.24

Applicable operating system

Linux

Applicable hardware architecture

amd64

Configuration file

port: 8081
# socks-port: 7891
# redir-port: 7892
allow-lan: true
mode: Rule
log-level: debug
external-controller: 0.0.0.0:9090
dns:
  enable: false
  ipv6: false
Proxy:
  - {
      name: "socks5h",
      type: socks5,
      server: 127.0.0.1,
      port: 1080,
      tls: true,
      skip-cert-verify: true
    }
Proxy Group:
  - {
      name: "Proxy",
      type: select,
      proxies: [ "socks5h" ]
    }
Rule:
  - DOMAIN-KEYWORD,google,Proxy
  - GEOIP,CN,DIRECT
  - MATCH,Proxy

Log output

curl -x http://127.0.0.1:8081 -v https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443

Problem description

GNU C Library (Ubuntu GLIBC 2.27-3ubuntu1.5) stable release version 2.27
Normal output when using privoxy as the proxy

curl -x http://127.0.0.1:8080 -v https://www.google.com

> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=www.google.com
* start date: Feb 5 08:19:50 2024 GMT
* expire date: Apr 29 08:19:49 2024 GMT
* subjectAltName: host "www.google.com" matched cert's "www.google.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x55c7869e2620)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/2
> Host: www.google.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< date: Mon, 26 Feb 2024 07:40:52 GMT
< expires: -1
< cache-control: private, max-age=0

Reproduction steps

No response

@jinsongzhao jinsongzhao added the bug Something isn't working label Feb 26, 2024