v1.2.0-release

~新增自定义本机host地址的功能（7-6-8）
~新手引导流程中新增自动设置加密DNS功能（当检测到本地证书时自动配置）
~优化了合并自定义配置文件的流程，现在会在生成的规则中添加注释
~同步最新1.4.2版本官方核心及高级版核心
~同步最新数据库文件
~修复yacd面板无法自动配置host的问题
~修复部分情况下检测本机host失败的bug
~修复部分情况下导入包含“&”符号的配置文件失败的bug
~修复在导入包含“/”的自定义规则时报错的bug

README.md

@@ -1,105 +1,108 @@
+<h1 align="center">
+  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
+  <br>ShellClash<br>
+</h1>
 
 
-# ShellClash（原Clash for Miwifi）
+  <p align="center">
+	<a target="_blank" href="https://github.com/Dreamacro/clash/releases">
+    <img src="https://img.shields.io/github/release/Dreamacro/Clash.svg?style=flat-square&label=Clash">
+  </a>
+  <a target="_blank" href="https://github.com/juewuy/ShellClash/releases">
+    <img src="https://img.shields.io/github/release/juewuy/ShellClash.svg?style=flat-square&label=ShellClash&colorB=green">
+  </a>
+</p>
 
-在Shell环境下一键部署及管理[Clash](https://github.com/Dreamacro/clash)
+[中文](README_CN.md) | English
-=====
 
-功能简介：
+## Function introduction: 
---
-~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
-~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
-~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的节点、订阅及配置链接<br>~支持配置定时任务，以及定时更新订阅<br>~支持在线安装及使用网页面板管理规则组<br>
-~支持局域网透明代理/纯净模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机系统级代理<br>~支持在线更新<br>
 
-设备支持：
+~Convenient use in Shell environment through management script [Clash](https://github.com/Dreamacro/clash)<br>~Support management of [Clash functions](https://lancellc.gitbook.io/clash)<br>~Support online import [Clash](https://github.com/Dreamacro/clash) supports sharing, subscription and configuration links<br>~Support configuration timing tasks, support configuration file timing updates<br>~Support online installation and Use local web panel to manage built-in rules<br>~Support routing mode, native mode and other mode switching<br>~Support GNOME, KDE desktop automatic configuration native mode<br>~Support online update<br>
+
+## Equipment support:
+
+~Support various router devices based on OpenWrt or secondary custom development using OpenWrt<br>~Support various devices running standard Linux systems (such as Debian/CenOS/Armbian, etc.)<br>~Compatible with Padavan firmware (conservative mode), Pandora firmware<br>~Compatible with various types of devices customized and developed using the Linux kernel<br>——————————<br>~For more device support, please submit an issue or go to the TG group for feedback (the device name and the device core information returned by running uname -a must be provided)<br>
+
+How to use:
 --
 
-~支持小米/红米全系使用官方系统或官方开发版系统的路由器设备<br>
+~Confirm that the router device has enabled SSH and obtained root privileges (Linux devices with GUI desktops can be installed using their own terminal)<br>~Use SSH connection tools (such as putty, JuiceSSH, system built-in terminal, etc.) router or Linux device SSH management interface or terminal interface, and switch to the root user<br>~Confirm that the curl or wget download tool has been installed on the device. If not installed, please [refer to here](https://www.howtoforge.com/install-curl-in-linux) for LInux devices to install curl. For devices based on OpenWrt (Xiaomi official system, Pandora, Gaoke, etc.), please Use the following command to install curl:<br>
-~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
-~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>——————————
-~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
 
-使用方式：
+```sh
---
-~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
-~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
-~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
-
-```shell
 opkg update && opkg install curl
 ```
 
-~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
+~ Then execute the following installation commands on the SSH interface, and follow the subsequent prompts to complete the installation<br>
 
-~**使用curl安装**：<br>
+##### ~Use curl:<br>
 
 ```Shell
-#Release版本-github直连
+#Release version - by github
 sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release版本-jsdelivrCDN源
+#Release version - by jsdelivrCDN
 sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test版本-github直连
+#Test version - by github
 sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
 ```
 
-~**使用wget安装**：<br>
+##### ~Use wget：<br>
 
 ```sh
-#Release版本-jsdelivrCDN源
+#Release version - by jsdelivrCDN
 wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
-~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
+~**After installation by non-root users**, please execute the following additional commands to read environment variables:<br>
 
 ```shell
 source ~/.bashrc &> /dev/null
 ```
 
-~安装完成管理脚本后，执行如下命令以**运行管理脚本**<br>
+~After installing the management script, execute the following command to **run the management script**<br>
 
 ```Shell
-clash #正常模式运行
+clash #normal mode
-clash -h #脚本帮助及说明
+clash -h #help
-clash -t #测试模式运行
+clash -t #test mode
 ```
 
-~**运行时的额外依赖**：<br>
+~**Additional dependencies at runtime**：<br>
 
-`大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之`
+```
+Most of the equipment/systems are pre-installed with most of the following dependencies, you can ignore them if there is no impact when you use them.
+```
 
 ```sh
-bash/ash		必须		全部缺少时无法安装及运行脚本
+bash/ash		necessary		Cannot install and run scripts when all are missing
-curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
+curl/wget		necessary		When all are missing, it cannot be installed and updated online
-iptables		重要		缺少时只能使用纯净模式
+iptables		important		Only use pure mode when missing
-systemd/rc.common	一般		全部缺少时只能使用保守模式
+systemd/rc.common	general		Only use conservative mode when all are missing
-iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
+iptables-mod-nat	general		Cannot use redir mode, mixed mode when missing
-ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
+ip6tables-mod-nat	lower		Affects redir mode when missing, mixed mode support for ipv6
-crontab			较低		缺少时无法启用定时任务功能
+crontab			lower		Cannot enable timing task function when missing
-net-tools		极低		缺少时无法正常检测端口占用
+net-tools		minimal		Cannot detect port occupancy normally when missing
-ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
+ubus/iproute-doc	minimal		The host address of the machine cannot be obtained normally when missing
 ```
 
 
 
-更新日志：
+## Update log: 
---
 
-### [点击查看](https://github.com/juewuy/ShellClash/releases)
+### [Click to view](https://github.com/juewuy/ShellClash/releases) 
 
-交流反馈：
+## Exchange feedback: 
---
-### [TG讨论组](https://t.me/clashfm) 
 
-相关Q&A：
+### [TG Discussion Group](https://t.me/clashfm)
---
 
-### [详见博客](https://juewuy.github.io)
+## Related Q&A:
 
-## 捐赠此项目：
+### [See blog for details](https://juewuy.github.io)
 
-### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+## Donate this project
+
+### [Go to page](https://juewuy.github.io/yOF4Yf06Q/)
+
+## Friendly promotion: 
+
+### [Top 8K Airport-Dler](https://dler.best/auth/register?affid=89698)
 
-友情推广：
---
-### [顶级8K专线机场-墙洞](https://dler.best/auth/register?affid=89698)

README_CN.md

@@ -0,0 +1,117 @@
+<h1 align="center">
+  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
+  <br>ShellClash<br>
+</h1>
+
+
+  <p align="center">
+	<a target="_blank" href="https://github.com/Dreamacro/clash/releases">
+    <img src="https://img.shields.io/github/release/Dreamacro/Clash.svg?style=flat-square&label=Clash">
+  </a>
+  <a target="_blank" href="https://github.com/juewuy/ShellClash/releases">
+    <img src="https://img.shields.io/github/release/juewuy/ShellClash.svg?style=flat-square&label=ShellClash&colorB=green">
+  </a>
+</p>
+
+中文 | [English](README.md) 
+
+功能简介：
+--
+
+~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
+~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
+~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的分享、订阅及配置链接<br>~支持配置定时任务，支持配置文件定时更新<br>~支持在线安装及使用本地网页面板管理内置规则<br>
+~支持路由模式、本机模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机模式<br>~支持在线更新<br>
+
+设备支持：
+--
+
+~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
+~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
+
+——————————<br>
+~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
+
+使用方式：
+--
+~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
+~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
+~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
+
+```shell
+opkg update && opkg install curl
+```
+
+~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
+
+~**使用curl安装**：<br>
+
+```Shell
+#Release版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
+#Release版本-jsdelivrCDN源
+sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
+#Test版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+```
+
+~**使用wget安装**：<br>
+
+```sh
+#Release版本-jsdelivrCDN源
+wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
+
+```shell
+source ~/.bashrc &> /dev/null
+```
+
+~安装完成管理脚本后，执行如下命令以**运行管理脚本**<br>
+
+```Shell
+clash #正常模式运行
+clash -h #脚本帮助及说明
+clash -t #测试模式运行
+```
+
+~**运行时的额外依赖**：<br>
+
+`大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之`
+
+```sh
+bash/ash		必须		全部缺少时无法安装及运行脚本
+curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
+iptables		重要		缺少时只能使用纯净模式
+systemd/rc.common	一般		全部缺少时只能使用保守模式
+iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
+ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
+crontab			较低		缺少时无法启用定时任务功能
+net-tools		极低		缺少时无法正常检测端口占用
+ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
+```
+
+
+
+更新日志：
+--
+
+### [点击查看](https://github.com/juewuy/ShellClash/releases)
+
+交流反馈：
+--
+### [TG讨论组](https://t.me/clashfm) 
+
+相关Q&A：
+--
+
+### [详见博客](https://juewuy.github.io)
+
+## 捐赠此项目：
+
+### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+
+友情推广：
+--
+### [顶级8K专线机场-墙洞](https://dler.best/auth/register?affid=89698)

bin/ca-certificates.crt

@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Tue Dec  8 22:06:48 2020 GMT
+## Certificate data from Mozilla as of: Tue Feb  9 22:06:19 2021 GMT
 ##
 ## This is a bundle of X.509 certificates of public Certificate Authorities
 ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
 ## Just configure this file as the SSLCACertificateFile.
 ##
 ## Conversion done with mk-ca-bundle.pl version 1.28.
-## SHA256: d820b8696d8ffe42064a1384a56a8981cdc7e7e198036bbb5fa04a6c282dd9a2
+## SHA256: 3bdc63d1de27058fec943a999a2a8a01fcc6806a611b19221a7727d3d9bbbdfd
 ##
 
 
@@ -132,87 +132,6 @@ W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
 tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
 -----END CERTIFICATE-----
 
-GeoTrust Global CA
-==================
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
-Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw
-MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
-LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo
-BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet
-8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc
-T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU
-vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD
-AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk
-DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q
-zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4
-d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2
-mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p
-XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-Mw==
------END CERTIFICATE-----
-
-GeoTrust Universal CA
-=====================
------BEGIN CERTIFICATE-----
-MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
-R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1
-MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu
-Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t
-JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e
-RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs
-7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d
-8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V
-qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga
-Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB
-Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu
-KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08
-ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0
-XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
-hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
-aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2
-qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL
-oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK
-xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF
-KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2
-DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK
-xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU
-p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI
-P/rmMuGNG2+k5o7Y+SlIis5z/iw=
------END CERTIFICATE-----
-
-GeoTrust Universal CA 2
-=======================
------BEGIN CERTIFICATE-----
-MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
-R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0
-MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
-SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0
-DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17
-j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q
-JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a
-QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2
-WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP
-20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn
-ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC
-SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG
-8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2
-+/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
-BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
-dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ
-4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+
-mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq
-A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg
-Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP
-pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d
-FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp
-gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
-X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
------END CERTIFICATE-----
-
 Comodo AAA Services root
 ========================
 -----BEGIN CERTIFICATE-----
@@ -596,78 +515,6 @@ DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
 DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
 -----END CERTIFICATE-----
 
-GeoTrust Primary Certification Authority
-========================================
------BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
-CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
-cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
-b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
-nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
-RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
-tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
-hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
-Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
-NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
-Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
-1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
------END CERTIFICATE-----
-
-thawte Primary Root CA
-======================
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
-MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
-SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
-KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
-FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
-oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
-1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
-q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
-aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
-afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
-AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
-uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
-xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
-jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
-z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
------END CERTIFICATE-----
-
-VeriSign Class 3 Public Primary Certification Authority - G5
-============================================================
------BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
-dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
-j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
-Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
-Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
-fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
-BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
-Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
-aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
-SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
-X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
-KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
-Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
-ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
------END CERTIFICATE-----
-
 SecureTrust CA
 ==============
 -----BEGIN CERTIFICATE-----
@@ -871,70 +718,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
 TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
 -----END CERTIFICATE-----
 
-GeoTrust Primary Certification Authority - G3
-=============================================
------BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
-BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
-IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
-eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
-YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
-LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
-K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
-c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
-IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
-dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
-2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
-cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
-Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
-AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
-t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
------END CERTIFICATE-----
-
-thawte Primary Root CA - G2
-===========================
------BEGIN CERTIFICATE-----
-MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
-VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
-IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
-Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
-MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
-b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
-IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
-LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
-8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
-mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
-G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
-rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
------END CERTIFICATE-----
-
-thawte Primary Root CA - G3
-===========================
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
-ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
-d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
-VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
-A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
-P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
-+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
-7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
-vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
-KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
-A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
-8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
-er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
-
 GeoTrust Primary Certification Authority - G2
 =============================================
 -----BEGIN CERTIFICATE-----
@@ -980,27 +763,6 @@ wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
 mJO37M2CYfE45k+XmCpajQ==
 -----END CERTIFICATE-----
 
-VeriSign Class 3 Public Primary Certification Authority - G4
-============================================================
------BEGIN CERTIFICATE-----
-MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
-VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
-b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
-ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
-Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
-rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
-HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
-Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
-A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
-AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
------END CERTIFICATE-----
-
 NetLock Arany (Class Gold) Főtanúsítvány
 ========================================
 -----BEGIN CERTIFICATE-----
@@ -3433,3 +3195,34 @@ HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
 ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
 CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
 -----END CERTIFICATE-----
+
+NAVER Global Root Certification Authority
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
+A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
+DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
+NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
+UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
+UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
+XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
+aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
+Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
+A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
+YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
+HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
+21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
+jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
+hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
+E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
+D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
+A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
+qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
+I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
+kpzNNIaRkPpkUZ3+/uul9XXeifdy
+-----END CERTIFICATE-----

bin/release_version

@@ -1,4 +1,6 @@
-1.0.0beta18
+1.2.0
+1.1.0
+1.0.0beta18.2
 1.0.0beta17
 1.0.0beta15
 1.0.0beta11

bin/version

@@ -1,4 +1,4 @@
-GeoIP_v=20201211
+clash_v=1.4.2
-clash_v=1.3.0
+clashpre_v=2021.03.10
-clashpre_v=2020.11.20
+GeoIP_v=20210322
-versionsh=1.0.0beta18fix
+versionsh=1.2.0

install.sh

@@ -13,7 +13,7 @@ echo "***********************************************"
 #检查root权限
 if [ "$USER" != "root" ];then
 	echo 当前用户:$USER
-	$echo "\033[31m请尽量使用root用户执行安装!\033[0m"
+	$echo "\033[31m请尽量使用root用户（但绝对不要使用sudo命令！）执行安装!\033[0m"
 	echo -----------------------------------------------
 	read -p "仍要安装？可能会产生大量未知错误！(1/0) > " res
 	[ "$res" != "1" ] && exit
@@ -86,17 +86,22 @@ gettar(){
 	fi
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
-	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
 	#设置环境变量
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
+	if [ -n "$profile" ];then
 		sed -i '/alias clash=*/'d $profile
 		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
 		sed -i '/export clashdir=*/'d $profile
 		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice

scripts/clash.sh

@@ -27,8 +27,8 @@ getconfig(){
 	#检查mac地址记录
 	[ ! -f $clashdir/mac ] && touch $clashdir/mac
 	#获取本机host地址
-	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
-	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '\ 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
 	[ -z "$host" ] && host=127.0.0.1
 	#dashboard目录位置
 	[ -d $clashdir/ui ] && dbdir=$clashdir/ui && hostdir=":$db_port/ui"
@@ -93,7 +93,7 @@ getconfig(){
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
 	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
-	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
+	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 #启动相关
 errornum(){
@@ -166,6 +166,7 @@ setport(){
 	echo -e " 5 修改面板访问端口：	\033[36m$db_port\033[0m"
 	echo -e " 6 设置面板访问密码：	\033[36m$secret\033[0m"
 	echo -e " 7 修改默认端口过滤：	\033[36m$multiport\033[0m"
+	echo -e " 8 指定本机host地址：	\033[36m$host\033[0m"
 	echo -e " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	if [ -z "$num" ]; then 
@@ -233,6 +234,26 @@ setport(){
 			echo -e "\033[32m设置成功！！！\033[0m"
 		fi
 		setport
+	elif [ "$num" = 8 ]; then
+		echo -----------------------------------------------
+		echo -e "\033[33m此处可以更改脚本内置的host地址\033[0m"
+		echo -e "\033[31m设置后如本机host地址有变动，请务必手动修改！\033[0m"
+		echo -----------------------------------------------
+		read -p "请输入自定义host地址(输入0移除自定义host) > " host
+		if [ "$host" = "0" ];then
+			host=""
+			setconfig host $host
+			echo -e "\033[32m已经移除自定义host地址，请重新运行脚本以自动获取host！！！\033[0m"
+			exit 0
+		elif [ -n "$(echo $host | grep -Po '(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])(\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)){3}')" ]; then
+			setconfig host $host
+			echo -e "\033[32m设置成功！！！\033[0m"
+		else
+			host=""
+			echo -e "\033[31m输入错误，请仔细核对！！！\033[0m"
+		fi
+		sleep 1
+		setport
 	fi	
 }
 setdns(){
@@ -521,12 +542,12 @@ clashcfg(){
 		echo -e " 1 Redir模式：CPU以及内存\033[33m占用较低\033[0m"
 		echo -e "              但\033[31m不支持UDP\033[0m流量转发"
 		echo -e "              适合\033[32m非游戏用户\033[0m使用"
-		echo -e " 2 Tun模式：  \033[33m支持UDP转发\033[0m且延迟最低"
+		echo -e " 2 混合模式： 使用redir转发TCP，Tun转发UDP流量"
-		echo -e "              \033[31mCPU占用极高\033[0m，只支持fake-ip模式"
-		echo -e "              适合\033[32m游戏用户、非大流量用户\033[0m"
-		echo -e " 3 混合模式： 使用redir转发TCP，Tun转发UPD"
 		echo -e "              \033[33m速度较快\033[0m，\033[31m内存占用略高\033[0m"
 		echo -e "              适合\033[32m游戏用户、综合用户\033[0m"
+		echo -e " 3 Tun模式：  \033[33m支持UDP转发\033[0m且延迟最低"
+		echo -e "              \033[31mCPU占用极高\033[0m，只支持fake-ip模式"
+		echo -e "              \033[33m如非必要不推荐使用\033[0m"
 		echo -e " 4 纯净模式： 不设置iptables静态路由"
 		echo -e "              必须\033[33m手动配置\033[0mhttp/sock5代理"
 		echo -e "              或使用内置的PAC文件配置代理"
@@ -539,7 +560,7 @@ clashcfg(){
 		elif [ "$num" = 1 ]; then
 			redir_mod=Redir模式
 			set_redir_config
-		elif [ "$num" = 2 ]; then
+		elif [ "$num" = 3 ]; then
 			modinfo tun >/dev/null 2>&1
 			if [ "$?" != 0 ];then
 				echo -----------------------------------------------
@@ -561,7 +582,7 @@ clashcfg(){
 				dns_mod=fake-ip
 				set_redir_config
 			fi
-		elif [ "$num" = 3 ]; then
+		elif [ "$num" = 2 ]; then
 			modinfo tun >/dev/null 2>&1
 			if [ "$?" != 0 ];then
 				echo -e "\033[31m当前设备内核可能不支持开启Tun/混合模式！\033[0m"
@@ -634,7 +655,6 @@ clashcfg(){
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用功能设置菜单：\033[0m"
-	echo -e "\033[32m修改配置后请手动重启clash服务！\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 切换Clash运行模式: 	\033[36m$redir_mod\033[0m"
 	echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
@@ -643,7 +663,6 @@ clashcfg(){
 	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑名单/白名单进行过滤"
 	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或GUI/api配置本机代理"
 	echo -----------------------------------------------
-	echo -e " 9 \033[32m重启\033[0mclash服务"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -714,19 +733,17 @@ clashadv(){
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用进阶模式菜单：\033[0m"
-	echo -e "\033[33m如您不是很了解clash的运行机制，请勿更改！\033[0m"
+	echo -e "\033[33m如您并不了解clash的运行机制，请勿更改本页面功能！\033[0m"
-	echo -e "\033[32m修改配置后请手动重启clash服务！\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 使用保守方式启动:	\033[36m$start_old\033[0m	————切换时会停止clash服务"
 	echo -e " 2 启用ipv6支持:	\033[36m$ipv6_support\033[0m	————实验性功能，可能不稳定"
 	echo -e " 3 Redir模式udp转发:	\033[36m$tproxy_mod\033[0m	————依赖iptables-mod-tproxy"
 	echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————启动时方下载核心及数据库文件"
 	echo -e " 5 配置内置DNS服务	\033[36m$dns_no\033[0m"
-	echo -e " 6 手动指定相关服务端口及秘钥"
+	echo -e " 6 手动指定相关端口、秘钥及本机host"
 	echo -e " 7 使用自定义配置"
 	echo -----------------------------------------------
 	echo -e " 8 \033[31m重置\033[0m配置文件"
-	echo -e " 9 \033[32m重启\033[0mclash服务"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -808,6 +825,7 @@ clashadv(){
 				read -p "确认停用此功能？(1/0) > " res
 				[ "$res" = 1 ] && bindir="$clashdir" && echo -e "\033[33m已经停用小闪存功能！\033[0m"
 			else
+				rm -rf /tmp/clash_$USER
 				bindir="$clashdir"
 				echo -e "\033[33m已经停用小闪存功能！\033[0m"
 			fi
@@ -883,9 +901,6 @@ EOF
 		fi
 		clashadv
 
-	elif [ "$num" = 9 ]; then	
-		clashstart
-		sleep 1
 	else
 		errornum
 	fi
@@ -906,11 +921,11 @@ clashcron(){
 			else	
 				hour=$num
 				echo -----------------------------------------------
-				read -p "请输入分钟（0-60） > " num
+				read -p "请输入分钟（0-59） > " num
 				if [ -z "$num" ]; then 
 					errornum
 					setcron
-				elif [ $num -gt 60 ] || [ $num -lt 0 ]; then 
+				elif [ $num -gt 59 ] || [ $num -lt 0 ]; then 
 					errornum
 					setcron
 				else	
@@ -932,9 +947,10 @@ clashcron(){
 		}
 		echo -----------------------------------------------
 		echo -e " 正在设置：\033[32m$cronname\033[0m定时任务"
-		echo -e " 输入  1-7  对应\033[33m每周相应天\033[0m运行"
+		echo -e " 输入  1~7  对应\033[33m每周的指定某天\033[0m运行"
-		echo -e " 输入   8   设为\033[33m每天定时\033[0m运行"
+		echo -e " 输入   8   设为\033[33m每天\033[0m定时运行"
-		echo -e " 输入 1,3,6 代表\033[36m每周1,3,6\033[0m运行(注意用小写逗号分隔)"
+		echo -e " 输入 1,3,6 代表\033[36m指定每周1,3,6\033[0m运行(小写逗号分隔)"
+		echo -e " 输入 a,b,c 代表\033[36m指定每周a,b,c\033[0m运行(1<=abc<=7)"
 		echo -----------------------------------------------
 		echo -e " 输入   9   \033[31m删除定时任务\033[0m"
 		echo -e " 输入   0   返回上级菜单"

scripts/getdate.sh

@@ -44,14 +44,15 @@ linkconfig(){
 	echo 11	李哥规则-墙洞专用
 	echo 12	基础规则-仅Geoip CN+Final
 	echo 13	网易云解锁-仅规则分组
+	echo 14	ACL4SSR重度全分组+谷歌优化
 	echo -----------------------------------------------
 	echo 0 返回上级菜单
 	read -p "请输入对应数字 > " num
-	if [ -z "$num" ] || [ "$num" -gt 13 ];then
+	if [ -z "$num" ] || [ "$num" -gt 14 ];then
 		errornum
 	elif [ "$num" = 0 ];then
 		echo 
-	elif [ "$num" -le 13 ];then
+	elif [ "$num" -le 14 ];then
 		#将对应标记值写入mark
 		rule_link=$num
 		setconfig rule_link $rule_link
@@ -216,6 +217,7 @@ getlink2(){
 	read -p "请输入完整链接 > " link
 	test=$(echo $link | grep -iE "tp.*://" )
 	link=`echo ${link/\ \(*\)/''}`   #删除恶心的超链接内容
+	link=`echo ${link//\&/\\\&}`   #为分隔符 & 添加转义
 	if [ -n "$link" -a -n "$test" ];then
 		echo -----------------------------------------------
 		echo -e 请检查输入的链接是否正确：
@@ -362,17 +364,22 @@ gettar(){
 	fi
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
-	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
 	#设置环境变量
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
+	if [ -n "$profile" ];then
 		sed -i '/alias clash=*/'d $profile
 		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
 		sed -i '/export clashdir=*/'d $profile
 		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -550,13 +557,16 @@ getdb(){
 		echo -e "\033[33m下载成功，正在解压文件！\033[0m"
 		mkdir -p $dbdir > /dev/null
 		tar -zxvf "/tmp/clashdb.tar.gz" -C $dbdir > /dev/null
+		if [ $? -ne 0 ];then
+			tar -zxvf "/tmp/clashdb.tar.gz" --no-same-permissions -C $dbdir > /dev/null
 			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+		fi
 		#修改默认host和端口
 		if [ "$db_type" = "clashdb" ];then
-			sed -i "s/127.0.0.1/${host}/g" $dbdir/static/js/*.js
+			sed -i "s/127.0.0.1/${host}/g" $dbdir/assets/*.js
-			sed -i "s/9090/${db_port}/g" $dbdir/static/js/*.js
+			sed -i "s/9090/${db_port}/g" $dbdir/assets/*.js
 		else
-			sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/app*.js
+			sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/*.html
 			#sed -i "s/7892/${db_port}/g" $dbdir/app*.js
 		fi
 		#如果clash在运行则重启clash服务
@@ -577,7 +587,7 @@ setdb(){
 			echo -e "请选择面板\033[33m安装目录：\033[0m"
 			echo -----------------------------------------------
 			echo -e " 1 在$clashdir/ui目录安装"
-			echo -e " 2 在/www/clash目录安装(推荐！)"
+			echo -e " 2 在/www/clash目录安装"
 			echo -----------------------------------------------
 			echo " 0 返回上级菜单"
 			read -p "请输入对应数字 > " num
@@ -646,13 +656,15 @@ getcrt(){
 	fi
 }
 setcrt(){
-	crtdir='/etc/ssl/certs/ca-certificates.crt'
+	openssldir=$(openssl version -a 2>&1 | grep OPENSSLDIR | awk -F "\"" '{print $2}')
+	if [ -n "$openssldir" ];then
+		crtdir="$openssldir/certs/ca-certificates.crt"
 		echo -----------------------------------------------
 		echo -e "\033[36m安装/更新本地根证书文件(ca-certificates.crt)\033[0m"
 		echo -e "\033[33m用于解决证书校验错误，x509报错等问题\033[0m"
-	echo -e "\033[31m无上述问题的设备无需使用本功能！\033[0m"
+		echo -e "\033[31m无上述问题的设备请勿使用！\033[0m"
-	[ -f "$crtdir" ] && echo -e "\033[32m当前设备已经安装根证书文件了！\033[0m"
 		echo -----------------------------------------------
+		[ -f "$crtdir" ] && echo -e "\033[33m检测到系统已经安装根证书文件了！\033[0m\n-----------------------------------------------"
 		read -p "确认安装？(1/0) > " res
 
 		if [ -z "$res" ];then
@@ -660,15 +672,14 @@ setcrt(){
 		elif [ "$res" = '0' ]; then
 			i=
 		elif [ "$res" = '1' ]; then
-		if [ -d /etc/ssl/certs ];then
 			getcrt
 		else
-			echo -----------------------------------------------
+			errornum
-			echo -e "\033[33m设备可能未安装openssl或者证书文件目录不是/etc/ssl/certs，无法安装！\033[0m"
-			sleep 1
 		fi
 	else
-		errornum
+		echo -----------------------------------------------
+		echo -e "\033[33m设备可能尚未安装openssl，无法安装证书文件！\033[0m"
+		sleep 1
 	fi
 }
 setserver(){
@@ -819,19 +830,19 @@ update(){
 		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
 		if [ "$res" = '1' ]; then
 			$clashdir/start.sh stop
-			rm -rf $clashdir
+			$clashdir/start.sh cronset "clash服务"
-			rm -rf /etc/init.d/clash
+			$clashdir/start.sh cronset "订阅链接"
-			rm -rf /etc/systemd/system/clash.service
-			rm -rf /usr/lib/systemd/system/clash.service
-			rm -rf /www/clash
 			[ -w ~/.bashrc ] && profile=~/.bashrc
 			[ -w /etc/profile ] && profile=/etc/profile
 			sed -i '/alias clash=*/'d $profile
 			sed -i '/export clashdir=*/'d $profile
 			sed -i '/all_proxy/'d $profile
 			sed -i '/ALL_PROXY/'d $profile
-			cronset "clash服务"
+			rm -rf $clashdir
-			cronset "订阅链接"
+			rm -rf /etc/init.d/clash
+			rm -rf /etc/systemd/system/clash.service
+			rm -rf /usr/lib/systemd/system/clash.service
+			rm -rf /www/clash
 			echo -----------------------------------------------
 			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
 			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
@@ -918,15 +929,24 @@ userguide(){
 	echo -e "\033[33m安装本地Dashboard面板，可以更快捷的管理clash内置规则！\033[0m"
 	echo -----------------------------------------------
 	read -p "需要安装本地Dashboard面板吗？(1/0) > " res
-	[ "$res" = 1 ] && setdb
+	[ "$res" = 1 ] && checkupdate && setdb
 	#检测及下载根证书
 	if [ -d /etc/ssl/certs -a ! -f '/etc/ssl/certs/ca-certificates.crt' ];then
 		echo -----------------------------------------------
 		echo -e "\033[33m当前设备未找到根证书文件\033[0m"
 		echo -----------------------------------------------
 		read -p "是否下载并安装根证书？(1/0) > " res
-		[ "$res" = 1 ] && getcrt
+		[ "$res" = 1 ] && checkupdate && getcrt
 	fi
+	#设置加密DNS
+	webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
+	if [ "$result" = "200" ];then
+		dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
+		dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'
+		setconfig dns_nameserver \'"$dns_nameserver"\'
+		setconfig dns_fallback \'"$dns_fallback"\' 
+	fi
+	rm -rf /tmp/ssl_test
 	#提示导入订阅或者配置文件
 	echo -----------------------------------------------
 	echo -e "\033[32m是否导入配置文件？\033[0m(这是运行前的最后一步)"

scripts/start.sh

@@ -89,6 +89,11 @@ mark_time(){
 	sed -i '/start_time*/'d $clashdir/mark
 	echo start_time=$start_time >> $clashdir/mark
 }
+gethost(){
+	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '\ 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -n "$host" ] && lanhost="-s $(echo $host | grep -oE '^1(92|0|72)\.')0.0.0/8"
+}
 #配置文件相关
 getyaml(){
 	[ -z "$rule_link" ] && rule_link=1
@@ -115,6 +120,7 @@ https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/ra
 https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/dlercloud_lige_platinum.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/basic.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/netease.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Full_Google.ini
 EOF`
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
@@ -160,7 +166,7 @@ EOF`
 	else
 		Https=""
 		#检测节点或providers
-		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver')" ];then
+		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver' | head -n 1)" ];then
 			echo -----------------------------------------------
 			logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
 			echo -----------------------------------------------
@@ -185,6 +191,14 @@ EOF`
 			echo -----------------------------------------------
 			exit 1
 		fi
+		#检测是否存在高级版规则
+		if [ "$clashcore" = "clash" -a -n "$(cat $yamlnew | grep -E '^script:|proxy-providers|rule-providers')" ];then
+			echo -----------------------------------------------
+			logger "检测到高级版核心专属规则！将改为使用premium核心启动！" 33
+			rm -rf $bindir/clash
+			setconfig clashcore clashpre
+			echo -----------------------------------------------
+		fi
 		#使用核心内置test功能检测
 		if [ -x $bindir/clash ];then
 			$bindir/clash -t -d $bindir -f $yamlnew >/dev/null
@@ -250,18 +264,20 @@ secret: $secret
 $tun
 $exper
 $dns
+store-selected: false
 EOF
 ###################################
 	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
 	#合并文件
 	cut -c 1- $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
 	#插入自定义规则
+	sed -i "/#自定义规则/d" $tmpdir/config.yaml
 	if [ -f $clashdir/rules.yaml ];then
 		while read line;do
 			[ -z "$(echo "$line " | grep '#')" ] && \
 			[ -n "$(echo "$line" | grep '\-\ ')" ] && \
-			sed -i "/$line/d" $tmpdir/config.yaml && \
+			line=$(echo "$line" | sed 's#/#\\/#') && \
-			sed -i "/^rules:/a\ $line" $tmpdir/config.yaml
+			sed -i "/^rules:/a\ $line #自定义规则" $tmpdir/config.yaml
 		done < $clashdir/rules.yaml
 	fi
 	#如果没有使用小闪存模式
@@ -274,6 +290,8 @@ EOF
 }
 #设置路由规则
 start_redir(){
+	#获取本地局域网地址段
+	gethost
 	#流量过滤规则
 	iptables -t nat -N clash
 	iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
@@ -296,7 +314,7 @@ start_redir(){
 		done
 		iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
 	fi
-	iptables -t nat -A PREROUTING -p tcp -j clash
+	iptables -t nat -A PREROUTING -p tcp $lanhost -j clash
 	#设置ipv6转发
 	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
 	if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then
@@ -367,6 +385,7 @@ start_dns(){
 	fi
 }
 start_udp(){
+	gethost	#获取本地局域网地址段
 	ip rule add fwmark 1 table 100
 	ip route add local default dev lo table 100
 	iptables -t mangle -N clash
@@ -390,13 +409,14 @@ start_udp(){
 		done
 		iptables -t mangle -A clash -p udp -j TPROXY --on-port $redir_port --tproxy-mark 1
 	fi
-	iptables -t mangle -A PREROUTING -p udp -j clash
+	iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
 }
 stop_iptables(){
+	gethost #获取本地局域网地址段
     #重置iptables规则
 	ip rule del fwmark 1 table 100  2> /dev/null
 	ip route del local default dev lo table 100 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp $lanhost -j clash 2> /dev/null
 	iptables -t nat -D PREROUTING -p udp -j clash_dns 2> /dev/null
 	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns 2> /dev/null
 	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns 2> /dev/null
@@ -406,7 +426,7 @@ stop_iptables(){
 	iptables -t nat -X clash_dns 2> /dev/null
 	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 	#重置udp规则
-	iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
+	iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
 	iptables -t mangle -X clash 2> /dev/null
 	#重置ipv6规则
@@ -434,7 +454,7 @@ web_save(){
 	#使用get_save获取面板节点设置
 	get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' > /tmp/clash_web_check_$USER
 	while read line ;do
-		def=$(echo $line | awk -F "[\[,]" '{print $2}')
+		def=$(echo $line | awk -F "[[,]" '{print $2}')
 		now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g'| sed 's/,//g')
 		[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' >> /tmp/clash_web_save_$USER
 	done < /tmp/clash_web_check_$USER
@@ -475,9 +495,7 @@ web_restore(){
 }
 #启动相关
 catpac(){
-	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	gethost
-	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
-	[ -z "$host" ] && host=127.0.0.1
 	cat > /tmp/clash_pac <<EOF
 function FindProxyForURL(url, host) {
 	if (
@@ -492,7 +510,7 @@ function FindProxyForURL(url, host) {
 	)
 		return "DIRECT";
 	else
-		return "PROXY 192.168.31.1:7890; DIRECT; SOCKS5 192.168.31.1:7890"
+		return "PROXY $host:$mix_port; DIRECT; SOCKS5 $host:$mix_port"
 }
 EOF
 	compare /tmp/clash_pac $bindir/ui/pac
@@ -645,10 +663,17 @@ web_save)
 		getconfig
 		web_save
 	;;
+web_restore)
+		getconfig
+		web_restore
+	;;
 daemon)
 		getconfig
 		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
 	;;
+cronset)
+		cronset $2 $3
+	;;
 set_proxy)
 		getconfig
 		#GNOME配置