Bug #75425 API mis-parses secure_auth parameter
Submitted: 6 Jan 2015 15:25
Modified: 7 Jan 2015 14:05
Reporter: Nic Sandfield (OCA)
Status: Verified
Category: MySQL Server: C API (client library)
Severity: S2 (Serious)
Version: 5.6.22
OS: Any
Assigned to:
CPU Architecture: Any
Tags: API, secure_auth

[6 Jan 2015 15:25] Nic Sandfield
Description:
In contrast to the standard client tools (mysql, mysqldump, mytop, ...) the API lib mishandles the secure_auth parameter.

In a configuration file having
  secure_auth = FALSE
the API will always treat it as "secure_auth = TRUE".
Examples of the woes of people struggling with this are
https://rt.cpan.org/Ticket/Display.html?id=100831
http://stackoverflow.com/a/27429036/891516
"ERROR 2049 (HY000): Connection using old (pre-4.1.1) authentication protocol refused
  (client option 'secure_auth' enabled)"

The one-line patch changes the handling so that
  secure_auth
is treated the same as now (TRUE) but
  secure_auth = FALSE
is handled correctly.

Applying this patch means that code using the v5.6 API can access a v4.0 server.

How to repeat:
Create a db.cnf file:
[client]
host = 10.0.0.1
port = 3306
user = monitor
password = ...
secure_auth = FALSE

Then try to connect to a MySQL v4 server (or any server not using secure auth) using any language that relies on the C API:
perl -MDBI -E'DBI->connect(q{DBI:mysql:test;mysql_read_default_file=/root/wip/db.cnf})'

Suggested fix:
--- sql-common/client.c.orig    2014-11-21 10:02:01.000000000 +0000
+++ sql-common/client.c 2014-12-11 18:09:14.753020367 +0000
@@ -1310,7 +1310,7 @@
          options->client_flag|= CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS;
          break;
         case OPT_secure_auth:
-          options->secure_auth= TRUE;
+          options->secure_auth= (!opt_arg || atoi(opt_arg) != 0) ? TRUE : FALSE;
           break;
         case OPT_report_data_truncation:
           options->report_data_truncation= opt_arg ? MY_TEST(atoi(opt_arg)) : 1;
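
Review bot: In the added `options->secure_auth=` line, `atoi(opt_arg) != 0` treats every non-numeric value as 0, so `secure_auth = TRUE` or `secure_auth = ON` would switch the check off just as `secure_auth = FALSE` does; for a security option the unrecognised case should keep the protection enabled. Consider matching the boolean words explicitly (disable only on 0/FALSE/OFF, case-insensitively) and leaving everything else, including a bare `secure_auth`, as TRUE. The `report_data_truncation` case in the trailing context uses the same atoi-based pattern (`opt_arg ? MY_TEST(atoi(opt_arg)) : 1`), so a shared boolean-parsing helper would keep the option handlers consistent.
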
[6 Jan 2015 15:26] Nic Sandfield
Patch with the one-line fix

Attachment: libmysql.patch (text/x-patch), 527 bytes.

[7 Jan 2015 6:48] MySQL Verification Team
Hello Nic Sandfield,

Thank you for the report and contribution.
Could you please sign the OCA, so that we can consider taking your patch? Please see the following for more details:

http://www.oracle.com/technetwork/community/oca-486395.html

Thanks,
Umesh
[7 Jan 2015 6:49] MySQL Verification Team
// MySQL 5.6.24 client with  --secure-auth=FALSE

[ushastry@ushastry]/export/umesh/mysql-5.6.24: bin/mysql -u ushastry -p -S /tmp/mysql_ushastry.sock --secure-auth=FALSE
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 4.0.30-classic

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
mysql> \s
--------------
bin/mysql  Ver 14.14 Distrib 5.6.24, for linux-glibc2.5 (x86_64) using  EditLine wrapper

..
Current user:           ushastry@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server version:         4.0.30-classic

// Perl
[ushastry@ushastry]/export/umesh/mysql-5.6.24:perl -v

This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
(with 25 registered patches, see perl -V for more detail)
..

[ushastry@ushastry]/export/umesh/mysql-5.6.24: cat /tmp/75425.cnf

[client]
host = localhost
port = 15000
user = ushastry
password=123
secure_auth = FALSE
socket=/tmp/mysql_ushastry.sock
[ushastry@ushastry]/export/umesh/mysql-5.6.24: perl  -MDBI -E'DBI->connect(q{DBI:mysql:test;mysql_read_default_file=/tmp/75425.cnf})'
DBI connect('test;mysql_read_default_file=/tmp/75425.cnf','',...) failed: Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled) at -e line 1.

// With skip_secure_auth 

[ushastry@ushastry]/export/umesh/mysql-5.6.24: cat /tmp/75425.cnf

[client]
host = localhost
port = 15000
user = ushastry
password=123
#secure_auth = FALSE
skip_secure_auth
socket=/tmp/mysql_ushastry.sock

[ushastry@ushastry]/export/umesh/mysql-5.6.24: perl  -MDBI -E'DBI->connect(q{DBI:mysql:test;mysql_read_default_file=/tmp/75425.cnf})'
[ushastry@ushastry]/export/umesh/mysql-5.6.24:
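
Added example (not part of the bug report and not MySQL's code): the reported handling of the `secure_auth` value, the expression from the suggested fix, and a hypothetical stricter variant, compared on constructed inputs. `secure_auth_fail_closed` and `word_eq` are hypothetical names, and the value is assumed to arrive already trimmed of whitespace.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Behaviour reported in the bug: any value is ignored, option is always on. */
static int secure_auth_reported(const char *opt_arg)
{
  (void) opt_arg;
  return 1;
}

/* Expression from the suggested fix: numeric test through atoi(). */
static int secure_auth_patched(const char *opt_arg)
{
  return (!opt_arg || atoi(opt_arg) != 0) ? 1 : 0;
}

/* Hypothetical helper: case-insensitive string equality. */
static int word_eq(const char *a, const char *b)
{
  while (*a && tolower((unsigned char) *a) == tolower((unsigned char) *b))
  { a++; b++; }
  return *a == '\0' && *b == '\0';
}

/* Hypothetical stricter variant: only an explicit "off" word disables the
   check; a bare option or an unrecognised value keeps it enabled. */
static int secure_auth_fail_closed(const char *opt_arg)
{
  static const char *const off_words[] = { "0", "false", "off", "no" };
  if (!opt_arg)
    return 1;
  for (size_t i = 0; i < sizeof(off_words) / sizeof(off_words[0]); i++)
    if (word_eq(opt_arg, off_words[i]))
      return 0;
  return 1;
}

int main(void)
{
  /* Constructed sample values; NULL stands for a bare "secure_auth" line. */
  const char *samples[] = { NULL, "FALSE", "0", "TRUE", "ON", "1" };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-7s reported=%d patched=%d fail_closed=%d\n",
           samples[i] ? samples[i] : "(bare)", secure_auth_reported(samples[i]),
           secure_auth_patched(samples[i]), secure_auth_fail_closed(samples[i]));
  return 0;
}
```

The `TRUE` and `ON` rows are where the atoi-based expression and the stricter variant disagree.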
[7 Jan 2015 14:05] Nic Sandfield
Thanks Umesh, I have now submitted my OCA.
-- 
Nic Sandfield