RFE: Better proxy support

[opoplawski]

Perhaps you could make use of https://github.com/akuhtz/proxy-vole to auto detect proxy settings. Would be very helpful for us.

[opoplawski]

I'm happy to test out any changes.

[opoplawski]

So it's using the correct proxy (so yay java.net.useSystemProxies=true), but since we have an SSL filtering proxy we need to set the CA to include the proxy CA. Easiest would be to set javax.net.ssl.trustStoreType=WINDOWS-ROOT (which so far seems to need to be done on the command line), but that results in an exception: java.security.KeyStoreException: problem accessing trust store. Google search leads me to believe that the jre shipped with jhelioviewer is missing the SunMSCAPI provider.

I installed the Temurinjre chocolatey package and used the jre from that and it seems to work. But this is pretty clunky to get working.

[opoplawski]

Indeed in the jre I installed I see jre\bin\sunmscapi.dll but not in the jhelioviewer jre\bin directory.

[bogdanni]

Thank you for investigating this, I would never find it. So it seems that, for Windows, the jdk.crypto.mscapi module is needed for this to work. Please try the build from http://swhv.oma.be/download_test/, I verified that sunmscapi.dll is now installed.

[bogdanni]

Do I understand well that setting java.net.useSystemProxies=true (and additionally for Windows javax.net.ssl.trustStoreType=WINDOWS-ROOT) on the command line would make it work with proxy servers? Are you able to load movies?

[opoplawski]

Using your test build with those settings works for me with our proxy - I'm able to load data from https://www.lmsal.com/ for example. If it still works for you, I think we're good. I think both settings should be pretty safe defaults - I certainly expect applications to honor the system proxy and CA configuration. So I guess the remaining question is how to add the javax.net.ssl.trustStoreType=WINDOWS-ROOT option. Can you add that to the windows launcher?

On Linux things are a bit different. java.net.useSystemProxies doesn't really work (but also doesn't hurt), but java does honor the http_proxy/https_proxy environment variables which should work for us. Also, we need to use the system CA store again, which we can do by either using the system installed java, or by adding the -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts (at least for RedHat).

[bogdanni]

Could you please try the builds at http://swhv.oma.be/download_test/proxy/ They make use of proxy-vole. Just as normal user without special flags, defines, etc. Linux, Windows, maybe macOS also. Please try both the GSFC server (TLS sockets) and the IAS server (plain sockets). Thanks.