Hello all!
On my localhost I've got a Java 1.4 TLS 1.0 app/service running, which is hard-coded to HTTP-call a SOAP service (TLS 1.0 level too) running on a remote host, say, svchost. Host resolution is "files" only (i.e. /etc/hosts) - no DNS.
The aim is to make this Java client TLS 1.2-compliant.
My solution is:
1/ configure svchost to be (an alias of) localhost - in the global /etc/hosts:
127.0.0.1 localhost svchost
2/ configure a chroot env for stunnel with its own /etc/hosts:
1.2.3.4 svchost
(needless to say that to make it work I had to copy /etc's nsswitch.conf, resolv.conf, a bunch of libraries, esp. libnsl and nss_files etc., and create another lot of /dev entries)
I've tested it with the native getent command:
$ getent hosts svchost
127.0.0.1
$ chroot /var/run/stunnel/chroot getent hosts svchost
1.2.3.4
3/ run stunnel in chroot mode:
# /opt/csw/bin/stunnel -version
stunnel 5.59 on sparc-sun-solaris2.10 platform
Compiled/running with OpenSSL 1.0.2u 20 Dec 2019

; for tls1 clients
client = yes
sslVersion = TLSv1.2
delay = yes
chroot = /var/run/stunnel/chroot

[tls12]
accept = localhost:80
connect = svchost:443
;
Alas, stunnel still resolves svchost from the global /etc/hosts - not from chroot's!:
$ curl -kL http://svchost/service
curl: (52) Empty reply from server
...and in /var/adm/messages:
…LOG[4]: Service [tls12] accepted connection from 127.0.0.1:47944
…LOG[4]: s_connect: connecting 127.0.0.1:443
…LOG[4]: s_connect: s_poll_wait 127.0.0.1:443: waiting 10 seconds
…LOG[4]: s_connect: connect 127.0.0.1:443: Connection refused (146)
…LOG[4]: No more addresses to connect
I've tried foreground yes/no, truss/strace - nothing useful...
What am I missing!? Thank you in advance!
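The post verifies the two name databases by running getent inside and outside the chroot and comparing the output by eye. As an added example, not part of this thread or of stunnel, here is a POSIX shell script that parses the two /etc/hosts files directly and refuses to proceed when they disagree. The parser matches a name whether it is the canonical name or an alias, which is the case that matters here: the global file lists svchost only as an alias on the localhost line. The file paths and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a global-vs-chroot /etc/hosts
# mismatch before starting a chrooted service.

# hosts_lookup FILE NAME
# Prints every address FILE maps NAME to (as canonical name or alias), one
# per line. Returns 1 if FILE does not mention NAME at all.
hosts_lookup() {
    file=$1
    name=$2
    found=0
    # "|| [ -n "$line" ]" keeps a last line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}      # strip a trailing comment
        set -- $line          # split on whitespace: address, then names
        [ $# -ge 2 ] || continue
        ip=$1
        shift
        for n in "$@"; do
            if [ "$n" = "$name" ]; then
                printf '%s\n' "$ip"
                found=1
                break
            fi
        done
    done < "$file"
    [ "$found" -eq 1 ]
}

# hosts_agree GLOBAL_FILE CHROOT_FILE NAME
# Returns 0 when both files resolve NAME to the same address(es); otherwise
# prints both answers on stderr and returns 1, so a start-up wrapper can
# refuse to launch the chrooted process.
hosts_agree() {
    g=$(hosts_lookup "$1" "$3") || g='(unresolved)'
    c=$(hosts_lookup "$2" "$3") || c='(unresolved)'
    if [ "$g" = "$c" ]; then
        printf '%s resolves to %s in both files\n' "$3" "$g"
        return 0
    fi
    printf 'MISMATCH for %s: global=%s chroot=%s\n' "$3" "$g" "$c" >&2
    return 1
}

# Constructed sample files mirroring the setup in the post; the real paths
# would be /etc/hosts and /var/run/stunnel/chroot/etc/hosts.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost svchost\n' > "$tmp/hosts.global"
printf '# chroot copy\n1.2.3.4 svchost\n' > "$tmp/hosts.chroot"

if hosts_agree "$tmp/hosts.global" "$tmp/hosts.chroot" svchost; then
    echo "ok to start"
else
    echo "start refused: fix one of the hosts files first"
fi
rm -rf "$tmp"
```

Run against the two files from the post, the script reports the mismatch (127.0.0.1 versus 1.2.3.4) and exits non-zero. The same functions can be pointed at any pair of hosts files, so the check can be reused for every environment whose chroot carries its own copy.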
On 09.08.21 17:02, kmx1818@gmail.com wrote:
> I've tested it with the native getent command:
> $ getent hosts svchost
> 127.0.0.1
> $ chroot /var/run/stunnel/chroot getent hosts svchost
> 1.2.3.4
> 3/ run stunnel in chroot mode:
> [...]
> [tls12]
> accept = localhost:80
> connect = svchost:443
> ;
> Alas, stunnel still resolves svchost from the global /etc/hosts - not from chroot's!:
Why wouldn't you just put "connect = 1.2.3.4:443" into your stunnel config ... ?
Regards,
Hello Binect; yes I could, in which case I wouldn't need chroot; it's just that I'm prototyping the solution, while waiting for the networks to open up the firewall to DNS, which will resolve svchost to a pool of two-three devices for scaling and failover. Even then, I could use multiple connect host:port in the stunnel conf, though I'd prefer to have a single stunnel conf to use intact in all envs (dev/test/live) and in git. But as you suggested, if stunnel is not mature enough to offer a decent chroot, I'll have to hardcode the IPs (and forget its chroot "feature")...