A new connection property, CS_SEC_EXTENDED_ENCRYPTION, is provided to enable or disable the new extended password encryption feature. CS_SEC_EXTENDED_ENCRYPTION is set to CS_FALSE by default. You must use ct_con_props to enable the feature by setting the value to CS_TRUE.
CS_SEC_ENCRYPTION is the connection property for normal password encryption. CS_SEC_ENCRYPTION is also set to CS_FALSE by default.
If an Open Client application logs onto a server with both CS_SEC_EXTENDED_ENCYPTION and CS_SEC_ENCRYPTION set to CS_TRUE, it uses extended password encryption as the first preference.
If your server cannot support extended password encryption, it uses normal password encryption. If your server cannot support both extended and normal encryption, it fails the connection request and reconnects using a plaintext password.
CS_RETCODE ct_con_props (CS_CONNECTION *connection, CS_INT action, CS_INT property, CS_VOID *buffer, CS_INT buflen, CS_INT* outlen)
connection
Pointer to CS_CONNECTION structure.
action
Symbolic values for CS_SET, CS_GET, CS_CLEAR, or CS_SUPPORTED.
property
Symbolic name for CS_SEC_EXTENDED_ENCRYPTION.
buffer
Pointer to CS_TRUE or CS_FALSE values.
buflen
Fixed length values passed as CS_UNUSED.
outlen
Unused value passed as NULL.
In the following example, CS_SEC_EXTENDED_ENCRYPTION is disabled:
...
CS_INT Ex_encryption = CS_FALSE;
CS_INT Ex_nonencryptionretry = CS_FALSE;
...
main()
{
...
/*
** This needs to be called before calling ct_connect()
*/
ret = ct_con_props(connection, CS_SET, CS_SEC_EXTENDED_ENCRYPTION, &Ex_encryption, CS_UNUSED, NULL);
EXIT_ON_FAIL(context, ret, "Could not set extended encryption");
ret = ct_con_props(connection, CS_SET, CS_SEC_NON_ENCRYPTION_RETRY, &Ex_nonencryptionretry, CS_UNUSED, NULL);
EXIT_ON_FAIL(context, ret, "Could not set non encryption retry");
...
}