From e9aa7edbf1eeac09407c40fa69c06b3ee778dded Mon Sep 17 00:00:00 2001
From: Neil Twigg <neil@nats.io>
Date: Wed, 19 Jul 2023 16:28:41 +0100
Subject: [PATCH] Don't require TLS for in-process connection

Signed-off-by: Neil Twigg <neil@nats.io>
---
 server/server.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/server/server.go b/server/server.go
index ec6239900a4..ad9643b6cc2 100644
--- a/server/server.go
+++ b/server/server.go
@@ -2217,7 +2217,7 @@ func (s *Server) AcceptLoop(clr chan struct{}) {
 func (s *Server) InProcessConn() (net.Conn, error) {
 	pl, pr := net.Pipe()
 	if !s.startGoRoutine(func() {
-		s.createClient(pl)
+		s.createClientInProcess(pl)
 		s.grWG.Done()
 	}) {
 		pl.Close()
@@ -2572,6 +2572,14 @@ func (c *tlsMixConn) Read(b []byte) (int, error) {
 }
 
 func (s *Server) createClient(conn net.Conn) *client {
+	return s.createClientEx(conn, false)
+}
+
+func (s *Server) createClientInProcess(conn net.Conn) *client {
+	return s.createClientEx(conn, true)
+}
+
+func (s *Server) createClientEx(conn net.Conn, inProcess bool) *client {
 	// Snapshot server options.
 	opts := s.getOpts()
 
@@ -2659,7 +2667,7 @@ func (s *Server) createClient(conn net.Conn) *client {
 	}
 	s.clients[c.cid] = c
 
-	tlsRequired := info.TLSRequired
+	tlsRequired := info.TLSRequired && !inProcess
 	s.mu.Unlock()
 
 	// Re-Grab lock