* tolerate NULL params in ECDSA SHA2 AlgorithmIdentifier (#9002)

* tolerate NULL params in ECDSA SHA2 AlgorithmIdentifier

Java 11 does this incorrectly. It was fixed in Java16+ and they are
planning to do a backport, but we'll need to tolerate this invalid
encoding for a while.

* test both inner and outer

* changelog entry

* language

* Bump openssl from 0.10.53 to 0.10.54 in /src/rust (#9004)

Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.53 to 0.10.54.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](sfackler/rust-openssl@openssl-v0.10.53...openssl-v0.10.54)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added tests for NUL bytes in PKCS8 passphrases (#9001)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

* Added PyPy 3.10 to CI (#8933)

* Bump proc-macro2 for nightly

* Fix encoding of SSH certs with critical options (#9208)

* Add tests for issue #9207

* Fix encoding of SSH certs with critical options

* Test unexpected additional values for crit opts/exts

* temporarily allow invalid ssh cert encoding

---------

Co-authored-by: jeanluc <2163936+lkubb@users.noreply.github.com>

* fix the memory leak in fixedpool (#9272)

* fix the memory leak in fixedpool

fixes #9255

* simplify fix

* resolve clippy warnings

not bumping version, we'll do that when we have 3.1.2 built

Fixes #9063

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

* bump for 41.0.3

* bump openssl versions in CI

* version bumps do not work that way

* Rebuild cffi module if version changes (#9011)

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>