Watfaq / clash-rs

custom protocol network proxy
https://watfaq.gitbook.io/clashrs-user-manual/
Apache License 2.0

vmess does not work properly from v0.1.11 #239

Closed ericclose closed 8 months ago

ericclose commented 8 months ago

Browser outputs when using v0.1.11:

ERR_TUNNEL_CONNECTION_FAILED

Screencast

https://github.com/Watfaq/clash-rs/assets/34526560/55517de0-24d9-4983-93ab-3969c4570288

If you need me to provide the configuration, please let me know your email address and I will send it via email.

ibigbug commented 8 months ago

Looking at the video you posted, the 2nd request after you restart the new version didn't seem to come through.

Could you verify it with something like curl directly?

ericclose commented 8 months ago

> Looking at the video you posted, the 2nd request after you restart the new version didn't seem to come through.
>
> Could you verify it with something like curl directly?

```bash
$ curl -v -x "http://127.0.0.1:7890" https://www.google.com/search?q=test
*   Trying 127.0.0.1:7890...
* Connected to 127.0.0.1 (127.0.0.1) port 7890
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/8.4.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< content-length: 39
< date: Fri, 29 Dec 2023 06:20:34 GMT
<
* CONNECT tunnel failed, response 400
* Closing connection
curl: (56) CONNECT tunnel failed, response 400
```

ibigbug commented 8 months ago

Could you share your config to dev@watfaq.com plz

ibigbug commented 8 months ago

fixed in latest release

ericclose commented 8 months ago

> fixed in latest release

There is a new issue in v0.1.12.

log

```log
2024-01-01T01:04:50.640684Z WARN clash_lib\src\app\dns\helper.rs:42: initializing DNS client DoH://1.1.1.1:443# with error dns error: io error: invalid data
2024-01-01T01:04:50.642502Z WARN url_test:resolve: clash_lib\src\app\dns\dns_client.rs:246: dns client background task is finished, likely connection closed, restarting a new one url="http://www.gstatic.com/generate_204" timeout=None host="mazex.info" enhanced=false
2024-01-01T01:04:50.643819Z INFO clash_lib\src\app\inbound\network_listener.rs:117: SOCKS5 TCP listening at: 0.0.0.0:7891
2024-01-01T01:04:50.644652Z INFO clash_lib\src\app\inbound\network_listener.rs:117: HTTP TCP listening at: 0.0.0.0:7890
2024-01-01T01:04:50.644866Z INFO clash_lib\src\app\dns\server\mod.rs:162: dns server listening on udp: 0.0.0.0:53
2024-01-01T01:04:50.645015Z INFO clash_lib\src\lib.rs:289: receiving shutdown signal
2024-01-01T01:04:50.645047Z INFO clash_lib\src\app\api\mod.rs:58: Starting API server at 127.0.0.1:9090
2024-01-01T01:04:50.695143Z WARN url_test:resolve: clash_lib\src\app\dns\dns_client.rs:246: dns client background task is finished, likely connection closed, restarting a new one url="http://www.gstatic.com/generate_204" timeout=None host="mazex.info" enhanced=false
2024-01-01T01:04:58.560409Z INFO dispatch_stream: clash_lib\src\app\router\mod.rs:96: matched [TCP] 127.0.0.1:5388 -> www.google.com:443 to target 🚀 节点 选择[Match] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5388, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
2024-01-01T01:04:59.107920Z WARN dispatch_stream: clash_lib\src\app\dispatcher\dispatcher_impl.rs:171: failed to establish remote connection [TCP] 127.0.0.1:5388 -> www.google.com:443, error: TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5388, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
2024-01-01T01:04:59.109563Z INFO dispatch_stream: clash_lib\src\app\router\mod.rs:96: matched [TCP] 127.0.0.1:5390 -> www.google.com:443 to target 🚀 节点 选择[Match] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5390, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
2024-01-01T01:04:59.646395Z WARN dispatch_stream: clash_lib\src\app\dispatcher\dispatcher_impl.rs:171: failed to establish remote connection [TCP] 127.0.0.1:5390 -> www.google.com:443, error: TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5390, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
2024-01-01T01:04:59.657537Z INFO dispatch_stream: clash_lib\src\app\router\mod.rs:96: matched [TCP] 127.0.0.1:5392 -> www.google.com:443 to target 🚀 节点 选择[Match] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5392, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
2024-01-01T01:05:00.247171Z WARN dispatch_stream: clash_lib\src\app\dispatcher\dispatcher_impl.rs:171: failed to establish remote connection [TCP] 127.0.0.1:5392 -> www.google.com:443, error: TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED] self=Dispatcher sess=Session { network: Tcp, source: 127.0.0.1:5392, destination: Domain("www.google.com", 443), packet_mark: None, iface: None }
```

curl log

> ```bash
> curl -v -x "http://127.0.0.1:7890" https://www.google.com/search?q=test
> ```

```bash
$ curl -v -x "http://127.0.0.1:7890" https://www.google.com/search?q=test
*   Trying 127.0.0.1:7890...
* Connected to 127.0.0.1 (127.0.0.1) port 7890
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/8.4.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< date: Mon, 01 Jan 2024 01:07:04 GMT
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection
* schannel: shutting down SSL/TLS connection with www.google.com port 443
* Send failure: Connection was aborted
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
```

ibigbug commented 8 months ago

0.1.12 also updated tls library. Seems to be failing on Windows.

Let me fix it

ibigbug commented 8 months ago

Could you see if 0.1.13 is working

ericclose commented 8 months ago

> Could you see if 0.1.13 is working

Yes, now v0.1.13 works and the proxy is working right now.

However, an error message was encountered on Windows and there was no INFO level log output such as `... source: 192.168.233.1:53726, destination: Domain("www.google.com", 443) ...` at all.

Full log

```log
2024-01-01T13:05:29.422262Z WARN clash_lib\src\app\dns\helper.rs:42: initializing DNS client DoH://1.1.1.1:443# with error dns error: io error: invalid data
2024-01-01T13:05:29.432191Z INFO clash_lib\src\app\inbound\network_listener.rs:117: SOCKS5 TCP listening at: 0.0.0.0:7891
2024-01-01T13:05:29.432765Z INFO clash_lib\src\app\inbound\network_listener.rs:117: HTTP TCP listening at: 0.0.0.0:7890
2024-01-01T13:05:29.433684Z INFO clash_lib\src\app\dns\server\mod.rs:162: dns server listening on udp: 0.0.0.0:53
2024-01-01T13:05:29.434492Z INFO clash_lib\src\lib.rs:289: receiving shutdown signal
2024-01-01T13:05:29.434497Z INFO clash_lib\src\app\api\mod.rs:58: Starting API server at 127.0.0.1:9090
thread 'tokio-runtime-worker' panicked at clash_lib\src\app\api\mod.rs:99:76:
called `Result::unwrap()` on an `Err` value: Os { code: 10048, kind: AddrInUse, message: "Only one usage of each socket address (protocol/network address/port) is normally permitted." }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
2024-01-01T13:05:29.442650Z ERROR clash_lib\src\lib.rs:157: panic hook: PanicInfo { payload: Any { .. }, message: Some(called `Result::unwrap()` on an `Err` value: Os { code: 10048, kind: AddrInUse, message: "Only one usage of each socket address (protocol/network address/port) is normally permitted." }), location: Location { file: "clash_lib\\src\\app\\api\\mod.rs", line: 99, col: 76 }, can_unwind: true, force_no_backtrace: false }
```

I tried clash-rs on Linux and did not get the same error message, and the log output is normal.

ibigbug commented 8 months ago

do you have another core listening :9090 ?

ibigbug commented 8 months ago

Looks like your request is handled by another instance

ericclose commented 8 months ago

> do you have another core listening :9090 ?

Yes. I noticed that Clash Nyanpasu quit but its core was still running in the background, and I killed it.

```
D:\Downloads>netstat -aon|findstr "9090"
  TCP    127.0.0.1:9090         0.0.0.0:0              LISTENING       15184

D:\Downloads>tasklist | findstr "15184"
mihomo.exe                   15184 Console                    9     39,688 K
```

Clash-rs v0.1.13 works fine and the log is normal now.

Thanks for your development work!
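
The panic in the v0.1.13 log above comes from `Result::unwrap()` on an `AddrInUse` bind error, which in this thread meant a leftover core still owned `127.0.0.1:9090`. As an added example (not clash-rs's own code; `BindError` and `bind_api` are hypothetical names), this Rust program reports that case as a typed startup error instead of panicking:

```rust
use std::fmt;
use std::io::{self, ErrorKind};
use std::net::{SocketAddr, TcpListener};

/// Why the API listener could not start (hypothetical type for this example).
#[derive(Debug)]
pub enum BindError {
    /// Another process owns the address (os error 10048 on Windows, EADDRINUSE on Unix).
    InUse(SocketAddr),
    /// Any other bind failure, e.g. permission denied.
    Other(SocketAddr, io::Error),
}

impl fmt::Display for BindError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match self {
            BindError::InUse(a) => write!(
                f,
                "{} is already in use; another proxy core may still be running and handling requests",
                a
            ),
            BindError::Other(a, e) => write!(f, "cannot bind {}: {}", a, e),
        }
    }
}

/// Bind the listener and map AddrInUse to a typed error rather than unwrapping.
pub fn bind_api(addr: SocketAddr) -> Result<TcpListener, BindError> {
    TcpListener::bind(addr).map_err(|e| match e.kind() {
        ErrorKind::AddrInUse => BindError::InUse(addr),
        _ => BindError::Other(addr, e),
    })
}

fn main() {
    // 127.0.0.1:9090 is the API address shown in the logs above.
    let addr: SocketAddr = "127.0.0.1:9090".parse().unwrap();
    match bind_api(addr) {
        Ok(l) => println!("API listening at {}", l.local_addr().unwrap()),
        Err(e) => {
            // Stop with a clear message so the stale process gets noticed.
            eprintln!("{}", e);
            std::process::exit(1);
        }
    }
}
```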