start inner STM

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/radius/eap/protocol/tls/payload.go

@@ -157,7 +157,7 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
 	ctx.Log().Debug("TLS: no TLS connection in state yet, starting connection")
 	p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
 	p.st.Conn = NewBuffConn(p.Data, p.st.Context)
-	cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
+	cfg := ctx.ProtocolSettings().(TLSConfig).TLSConfig().Clone()
 
 	if klp, ok := os.LookupEnv("SSLKEYLOGFILE"); ok {
 		kl, err := os.OpenFile(klp, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)

internal/outpost/radius/eap/protocol/tls/settings.go

@@ -7,7 +7,15 @@ import (
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 )
 
+type TLSConfig interface {
+	TLSConfig() *tls.Config
+}
+
 type Settings struct {
 	Config              *tls.Config
 	HandshakeSuccessful func(ctx protocol.Context, certs []*x509.Certificate) protocol.Status
 }
+
+func (s *Settings) TLSConfig() *tls.Config {
+	return s.Config
+}