* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Antony]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
            Using this option, libreswan no longer needs FIPS certification