[Bug] Clash fails to resolve the SNI domain name in HTTPS requests, so the connection cannot be established
Verify steps
- [ ] Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
- [X] I have searched on the issue tracker for a related issue.
- [X] I have tested using the dev branch, and the issue still exists.
- [X] I have read the documentation and was unable to solve the issue.
- [X] This is an issue of the Clash core per se, not of the derivatives of Clash, like OpenClash or KoolClash.
Clash version
tun 2022.08.26-3-ge16bdd2
What OS are you seeing the problem on?
No response
Clash config
--
Clash log
22-10-09 19:04:07 warn [TCP] dial failed error=couldn't find ip: abc.example.com proxy=Domestic lAddr=172.16.0.155:61038 rAddr=abc.example.com:443 rule=RuleSet rulePayload=Domestic IPs
22-10-09 19:04:07 debug [Matcher] find process failed error=netlink message: NLMSG_ERROR addr=abc.example.com
22-10-09 19:04:07 debug [TCP] accept connection lAddr=172.16.0.155:61038 rAddr=abc.example.com:443 inbound=Redir
Description
Steps to reproduce: any configuration works; no proxy rules are needed, a connection that hits DIRECT is enough.
Test on the device:
curl -v https://abc.example.com/ --resolve abc.example.com:443:39.156.66.10
Or use openssl:
openssl s_client -connect 39.156.66.10:443
openssl s_client -connect 39.156.66.10:443 -servername abc.example.com
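The difference is that the latter carries SNI information, which is what makes the connection fail.
I couldn't find anything related to Matcher in the code?
Temporary workaround: add a resolution record for the domain to Clash's hosts, so that the domain resolves to any address.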
experimental:
  sniff-tls-sni: false
sniff-tls-sni does not reuse the IP.
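What separates the two openssl commands in the report is the server_name extension of the TLS ClientHello, and with SNI sniffing enabled that hostname is what appears as rAddr in the log above. The Go program below is an added example, not Clash's own code and not part of the original issue: it extracts that hostname from a ClientHello record. The names `vec`, `sniffSNI` and `sampleHello` are hypothetical, the sample record is constructed, and the whole ClientHello is assumed to fit in the first TLS record.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// sampleHello is a constructed minimal ClientHello record with SNI abc.example.com.
var sampleHello, _ = hex.DecodeString("1603010047" + "01000043" + "0303" +
	hex.EncodeToString(make([]byte, 32)) + "00" + "00021301" + "0100" + "0018" +
	"00000014" + "0012" + "00" + "000f" + hex.EncodeToString([]byte("abc.example.com")))

// vec splits off a vector with a w-byte length prefix; truncated input gives nil, nil.
func vec(b []byte, w int) (v, rest []byte) {
	n := 0
	for i := 0; i < w && i < len(b); i++ {
		n = n<<8 | int(b[i])
	}
	if len(b) < w+n {
		return nil, nil
	}
	return b[w : w+n], b[w+n:]
}

// sniffSNI returns the host_name in a ClientHello's server_name extension, or "".
func sniffSNI(rec []byte) string {
	if len(rec) < 43 || rec[0] != 0x16 || rec[5] != 0x01 {
		return "" // not a handshake record that starts a ClientHello
	}
	b := rec[43:] // past record hdr(5), handshake hdr(4), version(2), random(32)
	for _, w := range []int{1, 2, 1} { // session_id, cipher_suites, compression
		_, b = vec(b, w)
	}
	exts, _ := vec(b, 2)
	for len(exts) >= 4 {
		typ := exts[0] | exts[1] // zero only for extension 0x0000, server_name
		var body []byte
		body, exts = vec(exts[2:], 2)
		names, _ := vec(body, 2) // a server_name_list only when typ == 0
		if typ == 0 && len(names) > 3 && names[0] == 0 { // name_type 0 = host_name
			host, _ := vec(names[1:], 2)
			return string(host)
		}
	}
	return ""
}

func main() {
	fmt.Printf("sniffed SNI: %q\n", sniffSNI(sampleHello))
}
```

The sniffed name is taken from bytes the client sent and says nothing about whether the name resolves, which is why the dial in the log fails at DNS lookup even though the TCP connection was accepted for a reachable IP.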