[server,proxy] add TlsSecLevel option to config

To support legacy targets add the TlsSecLevel configuration option that
is equivalent to the /tls:seclevel option of the client implementations.
This allows automatic configuration of OpenSSL legacy providers if they
are available.

include/freerdp/server/proxy/proxy_config.h

@@ -109,6 +109,9 @@ extern "C"
 		size_t PrivateKeyPEMLength;
 
 		wIniFile* ini;
+
+		/* target continued */
+		UINT32 TargetTlsSecLevel;
 	};
 
 	/**

server/proxy/pf_config.c

@@ -74,6 +74,7 @@ static const char* key_target_fixed = "FixedTarget";
 static const char* key_target_user = "User";
 static const char* key_target_pwd = "Password";
 static const char* key_target_domain = "Domain";
+static const char* key_target_tls_seclevel = "TlsSecLevel";
 
 static const char* section_clipboard = "Clipboard";
 static const char* key_clip_text_only = "TextOnly";
@@ -168,10 +169,11 @@ static BOOL pf_config_get_uint32(wIniFile* ini, const char* section, const char*
 	WINPR_ASSERT(result);
 
 	strval = IniFile_GetKeyValueString(ini, section, key);
-	if (!strval && required)
+	if (!strval)
 	{
-		WLog_ERR(TAG, "key '%s.%s' does not exist.", section, key);
-		return FALSE;
+		if (required)
+			WLog_ERR(TAG, "key '%s.%s' does not exist.", section, key);
+		return !required;
 	}
 
 	val = IniFile_GetKeyValueInt(ini, section, key);
@@ -260,6 +262,10 @@ static BOOL pf_config_load_target(wIniFile* ini, proxyConfig* config)
 	                          config->FixedTarget))
 		return FALSE;
 
+	if (!pf_config_get_uint32(ini, section_target, key_target_tls_seclevel,
+	                          &config->TargetTlsSecLevel, FALSE))
+		return FALSE;
+
 	if (config->FixedTarget)
 	{
 		target_value = pf_config_get_str(ini, section_target, key_host, TRUE);
@@ -576,6 +582,10 @@ proxyConfig* server_config_load_ini(wIniFile* ini)
 	config = calloc(1, sizeof(proxyConfig));
 	if (config)
 	{
+		/* Set default values != 0 */
+		config->TargetTlsSecLevel = 1;
+
+		/* Load from ini */
 		if (!pf_config_load_server(ini, config))
 			goto out;
 
@@ -632,6 +642,8 @@ BOOL pf_server_config_dump(const char* file)
 		goto fail;
 	if (IniFile_SetKeyValueString(ini, section_target, key_target_fixed, bool_str_true) < 0)
 		goto fail;
+	if (IniFile_SetKeyValueInt(ini, section_target, key_target_tls_seclevel, 1) < 0)
+		goto fail;
 
 	/* Channel configuration */
 	if (IniFile_SetKeyValueString(ini, section_channels, key_channels_gfx, bool_str_true) < 0)
@@ -809,6 +821,7 @@ void pf_server_config_print(const proxyConfig* config)
 		CONFIG_PRINT_SECTION(section_target);
 		CONFIG_PRINT_STR(config, TargetHost);
 		CONFIG_PRINT_UINT16(config, TargetPort);
+		CONFIG_PRINT_UINT32(config, TargetTlsSecLevel);
 
 		if (config->TargetUser)
 			CONFIG_PRINT_STR(config, TargetUser);

server/proxy/pf_server.c

@@ -141,6 +141,10 @@ static BOOL pf_server_get_target_info(rdpContext* context, rdpSettings* settings
 			else
 				freerdp_settings_set_uint32(settings, FreeRDP_ServerPort, 3389);
 
+			if (!freerdp_settings_set_uint32(settings, FreeRDP_TlsSecLevel,
+			                                 config->TargetTlsSecLevel))
+				return FALSE;
+
 			if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname, config->TargetHost))
 			{
 				PROXY_LOG_ERR(TAG, ps, "strdup failed!");