3 files changed, 26 insertions, 18 deletions

diff --git a/configure.ac b/configure.ac
index cd561347c..1539bcd73 100644
--- a/configure.ac
+++ b/configure.ac
@@ -560,12 +560,12 @@ AS_IF([test "$enable_daemon" = "yes" -o "$enable_utilities" = "yes"], [
 
 # QUIC support
 AC_ARG_ENABLE([quic],
-   AS_HELP_STRING([--enable-quic=auto|yes|no], [Support DoQ (needs libngtcp2 >= 0.13.0, gnutls >= 3.7.2) [default=auto]]),
+   AS_HELP_STRING([--enable-quic=auto|yes|no], [Support DoQ (needs libngtcp2 >= 0.14.0, gnutls >= 3.7.2) [default=auto]]),
    [], [enable_quic=auto])
 
 AS_CASE([$enable_quic],
-   [auto], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 >= 0.13.0 libngtcp2_crypto_gnutls], [enable_quic=yes], [enable_quic=no])],
-   [yes], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 >= 0.13.0 libngtcp2_crypto_gnutls], [enable_quic=yes],
+   [auto], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 >= 0.14.0 libngtcp2_crypto_gnutls], [enable_quic=yes], [enable_quic=no])],
+   [yes], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 >= 0.14.0 libngtcp2_crypto_gnutls], [enable_quic=yes],
              AS_IF([test "$gnutls_quic" = "yes"],
                 [enable_quic=embedded
                  embedded_libngtcp2_CFLAGS="-I\$(top_srcdir)/src/contrib/libngtcp2 -I\$(top_srcdir)/src/contrib/libngtcp2/ngtcp2/lib"
diff --git a/doc/requirements.rst b/doc/requirements.rst
index 8777421b6..73e707c20 100644
--- a/doc/requirements.rst
+++ b/doc/requirements.rst
@@ -110,6 +110,6 @@ recommendations.
 DNS-over-QUIC (DoQ) support in :doc:`knotd<man_knotd>`, :doc:`kxdpgun<man_kxdpgun>`,
 and :doc:`kdig<man_kdig>`:
 
-* libngtcp2 >= 0.13.0 (or embedded one via `--enable-quic`)
+* libngtcp2 >= 0.14.0 (or embedded one via `--enable-quic`)
 * gnutls >= 3.7.2
 * :ref:`Mode XDP` (for knotd and kxdpgun)
diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
index 2c2d8fa39..f1529307e 100644
--- a/src/libknot/quic/quic.c
+++ b/src/libknot/quic/quic.c
@@ -70,7 +70,8 @@ typedef struct knot_quic_creds {
 typedef struct knot_quic_session {
 	node_t n;
 	gnutls_datum_t tls_session;
-	ngtcp2_transport_params quic_params;
+	size_t quic_params_len;
+	uint8_t quic_params[sizeof(ngtcp2_transport_params)];
 } knot_quic_session_t;
 
 static unsigned addr_len(const struct sockaddr_in6 *ss)
@@ -82,12 +83,7 @@ static unsigned addr_len(const struct sockaddr_in6 *ss)
 _public_
 struct knot_quic_session *knot_quic_session_save(knot_quic_conn_t *conn)
 {
-	const ngtcp2_transport_params *tmp = ngtcp2_conn_get_remote_transport_params(conn->conn);
-	if (tmp == NULL) {
-		return NULL;
-	}
-
-	knot_quic_session_t *session = calloc(1, sizeof(*session));
+	knot_quic_session_t *session = malloc(sizeof(*session));
 	if (session == NULL) {
 		return NULL;
 	}
@@ -98,7 +94,14 @@ struct knot_quic_session *knot_quic_session_save(knot_quic_conn_t *conn)
 		return NULL;
 	}
 
-	memcpy(&session->quic_params, tmp, sizeof(session->quic_params));
+	ngtcp2_ssize ret2 =
+		ngtcp2_conn_encode_early_transport_params(conn->conn, session->quic_params,
+		                                          sizeof(session->quic_params));
+	if (ret2 < 0) {
+		free(session);
+		return NULL;
+	}
+	session->quic_params_len = ret2;
 
 	return session;
 }
@@ -111,17 +114,22 @@ int knot_quic_session_load(knot_quic_conn_t *conn, struct knot_quic_session *ses
 	}
 
 	int ret = KNOT_EOK;
-	if (conn == NULL) {
+	if (conn == NULL) { // Just cleanup the session.
 		goto session_free;
 	}
 
 	ret = gnutls_session_set_data(conn->tls_session, session->tls_session.data,
 	                              session->tls_session.size);
-	if (ret != KNOT_EOK) {
+	if (ret != GNUTLS_E_SUCCESS) {
+		ret = KNOT_ERROR;
 		goto session_free;
 	}
 
-	ngtcp2_conn_set_early_remote_transport_params(conn->conn, &session->quic_params);
+	ret = ngtcp2_conn_decode_early_transport_params(conn->conn, session->quic_params,
+	                                                session->quic_params_len);
+	if (ret != 0) {
+		ret = KNOT_ERROR;
+	}
 
 session_free:
 	gnutls_free(session->tls_session.data);
@@ -425,9 +433,9 @@ bool quic_conn_timeout(knot_quic_conn_t *conn, uint64_t *now)
 _public_
 uint32_t knot_quic_conn_rtt(knot_quic_conn_t *conn)
 {
-	ngtcp2_conn_stat stat = { 0 };
-	ngtcp2_conn_get_conn_stat(conn->conn, &stat);
-	return stat.smoothed_rtt / 1000; // nanosec --> usec
+	ngtcp2_conn_info info = { 0 };
+	ngtcp2_conn_get_conn_info(conn->conn, &info);
+	return info.smoothed_rtt / 1000; // nanosec --> usec
 }
 
 _public_