When connecting with TCP, gated packets (FROMCALL != LOGIN) get the qAR construct appended to the path. When connecting with TLS, they get qAS. There shouldn't be a difference between connecting with TCP and connecting with TLS and while it should be up to a client to correctly append the qAR or qAO, aprsc should guard against clients that aren't doing that correctly and do something sensible.
When connecting with TCP, gated packets (FROMCALL != LOGIN) get the qAR construct appended to the path. When connecting with TLS, they get qAS. There shouldn't be a difference between connecting with TCP and connecting with TLS and while it should be up to a client to correctly append the qAR or qAO, aprsc should guard against clients that aren't doing that correctly and do something sensible.