diff --git a/include/errmsg.h b/include/errmsg.h
index 504c5a36..11db1b58 100644
--- a/include/errmsg.h
+++ b/include/errmsg.h
@@ -120,8 +120,8 @@ extern const char *mariadb_client_errors[];	/* Error messages */
 
 #endif
 
-#define IS_MYSQL_ERROR(code) ((code) > CR_MIN_ERROR && (code) < CR_MYSQL_LAST_ERROR)
-#define IS_MARIADB_ERROR(code) ((code) > CER_MIN_ERROR && (code) < CR_MARIADB_LAST_ERROR)
+#define IS_MYSQL_ERROR(code) ((code) > CR_MIN_ERROR && (code) <= CR_MYSQL_LAST_ERROR)
+#define IS_MARIADB_ERROR(code) ((code) > CER_MIN_ERROR && (code) <= CR_MARIADB_LAST_ERROR)
 
 #define ER(code) IS_MYSQL_ERROR((code)) ? client_errors[(code) - CR_MIN_ERROR] : \
                  IS_MARIADB_ERROR((code)) ?  mariadb_client_errors[(code) - CER_MIN_ERROR] : \
diff --git a/plugins/auth/my_auth.c b/plugins/auth/my_auth.c
index a50a14a8..f5d46ced 100644
--- a/plugins/auth/my_auth.c
+++ b/plugins/auth/my_auth.c
@@ -200,8 +200,6 @@ error:
   return res;
 }
 
-
-
 static int send_client_reply_packet(MCPVIO_EXT *mpvio,
                                     const uchar *data, int data_len)
 {
@@ -237,6 +235,16 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
        to unset CLIENT_CONNECT_WITH_DB flag */
     mysql->client_flag&= ~CLIENT_CONNECT_WITH_DB;
 
+  /* CONC-635: For connections via named pipe or shared memory the server
+               indicates the capability for secure connections (TLS), but
+               doesn't support it. */
+  if ((mysql->server_capabilities & CLIENT_SSL) &&
+      (mysql->net.pvio->type == PVIO_TYPE_NAMEDPIPE ||
+       mysql->net.pvio->type == PVIO_TYPE_SHAREDMEM))
+  {
+    mysql->server_capabilities &= ~(CLIENT_SSL);
+  }
+
   /* if server doesn't support SSL and verification of server certificate
      was set to mandatory, we need to return an error */
   if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))