strongswan-4.4.1rc1
-------------------

- The ipsec pki command outputs certificates in pem format.

- Heiko Hund added --pool and --identity parameters to the
  ip pool --addattr and --delattr commands.

- Added DiffServ scenario ikev2/net2net-psk-dscp which uses
  xfrm marks.

- Support of xfrm marks in IPsec SAs and IPsec policies introduced
  with the Linux 2.6.34 kernel. For details see example scenario
  ikev2/nat-two-rw-mark.
 
- ipsec pool --statusattr shows attribute values in native format
  (if known). The --hexout option reverts to all hex output.

- fixed get_subjectIdentifier() in the openssl plugin.

- be lenient towards wrong encoding of the XAUTH_STATUS attribute.

- the openssl plugin support X.509 certificate and CRL functionality.

- The major refactoring of the IKEv1 Mode Config functionality now allows
  the transport and handling of any Mode Config attribute.

- The ipsec pool tool manages arbitrary configuration attributes stored
  in an SQL database. ipsec pool --help gives the details.