This repository was archived by the owner on Apr 26, 2024. It is now read-only.

@dependabot dependabot bot commented on behalf of github Nov 28, 2022

Bumps pyopenssl from 22.0.0 to 22.1.0.

Changelog

Sourced from pyopenssl's changelog.

22.1.0 (2022-09-25)

Backward-incompatible changes:

  • Remove support for SSLv2 and SSLv3.
  • The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage)
  • The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. [#1133](https://github.com/pyca/pyopenssl/pull/1133)

Deprecations:

  • OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.

Changes:

  • Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object's verification flags. [#1073](https://github.com/pyca/pyopenssl/pull/1073)
  • Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context) [#1121](https://github.com/pyca/pyopenssl/pull/1121).

Commits
  • d7e539c Bump for 22.1.0 release (#1148)
  • ad50a44 disallow latest sphinx release because it doesn't work with sphinx_rtd_theme ...
  • f0ed288 add Connection.use_(certificate|privatekey) (#1121)
  • a3483a7 fixes #1143 -- pin cryptography max version to prevent future pain (#1145)
  • a52db02 Move away from the SSLEAY name (#1144)
  • a145fc3 Switch to the new utils.deprecation spelling (#1140)
  • 301e29a Don't test that invalid RSA keys can be imported (#1139)
  • 38f9b4e Fix docs in SSL.Context.get_alpn_proto_negotiated (#1137)
  • 65ca53a Make X509StoreContextError's message friendlier (#1133)
  • 02db1a0 Fix incorrect documentation on X509Req.set_version #1130 (#1131)
  • Additional commits viewable in compare view


@dependabot dependabot bot requested a review from a team as a code owner November 28, 2022 04:17
@dependabot dependabot bot added dependencies Pull requests from dependabot that update a dependency file python Pull requests that update Python code labels Nov 28, 2022
@clokep clokep removed the request for review from a team November 28, 2022 19:21
clokep commented Dec 1, 2022

@dependabot recreate

@clokep clokep requested a review from a team December 1, 2022 14:02
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 22.0.0 to 22.1.0.
- [Release notes](https://github.com/pyca/pyopenssl/releases)
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@22.0.0...22.1.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/pyopenssl-22.1.0 branch from e8156ea to ee2c83c Compare December 1, 2022 14:06
description = "Python wrapper module around the OpenSSL library"
category = "main"
optional = false
python-versions = ">=3.6"

[package.dependencies]
cryptography = ">=35.0"
cryptography = ">=38.0.0,<39"
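
Review bot: the added line `cryptography = ">=38.0.0,<39"` replaces the open-ended `>=35.0` with a capped range, so while pyopenssl 22.1.0 is locked the resolver cannot move cryptography to 39 or later, and a cryptography major release that carries a fix would be held back until pyopenssl is bumped as well. Confirm that cryptography is also tracked for updates so the two bumps can land together, and record the coupling in the PR description. The raised floor (35.0 to 38.0.0) should also be checked against the cryptography version currently locked before merging.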

I hope this upper bound isn't going to cause us pain in the future

@DMRobertson DMRobertson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backwards incompat changes don't seem to affect us:

  • We already forbid SSLv2 and SSLv3:
        context.set_options(
            SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1
        )
  • we already lock cryptography 38.0.3
  • we don't use X509StoreContextError

Failures look like known complement flakes to me.
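
The version check made in the review comment above, together with the upper-bound concern raised on the diff, as an added example (not code from this repository, pyopenssl, or Dependabot): a minimal evaluator for the two `cryptography` constraints in the hunk. It assumes plain dotted numeric versions and only the five operators listed; the function names and the candidate version list are constructed for illustration.

```python
import operator
import re

# Comparison operators handled by this sketch (a subset of PEP 440).
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}
CLAUSE = re.compile(r"\s*(>=|<=|==|>|<)\s*(\d+(?:\.\d+)*)\s*")


def parse_version(text):
    """'38.0.3' -> (38, 0, 3). Assumption: plain dotted numeric releases only."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def satisfies(version, constraint):
    """True if version meets every comma-separated clause of constraint."""
    v = parse_version(version)
    for clause in constraint.split(","):
        m = CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        bound = parse_version(m.group(2))
        width = max(len(v), len(bound))  # pad so '39' compares as 39.0.0
        lhs = v + (0,) * (width - len(v))
        rhs = bound + (0,) * (width - len(bound))
        if not OPS[m.group(1)](lhs, rhs):
            return False
    return True


def newly_blocked(old, new, candidates):
    """Versions the old constraint allowed but the new constraint rejects."""
    return [c for c in candidates if satisfies(c, old) and not satisfies(c, new)]


OLD = ">=35.0"          # removed line in the hunk
NEW = ">=38.0.0,<39"    # added line in the hunk
LOCKED = "38.0.3"       # version the review comment says is already locked
# Constructed candidate list for illustration, not taken from the page.
CANDIDATES = ["35.0.0", "37.0.4", "38.0.3", "38.9.9", "39.0.0", "40.1.0"]

if __name__ == "__main__":
    print("locked version still valid:", satisfies(LOCKED, NEW))
    print("no longer installable:", newly_blocked(OLD, NEW, CANDIDATES))
```

The locked version passes the new constraint, while everything from 39 upward moves from allowed to rejected, which is the coupling the inline comment on the diff worries about.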

@DMRobertson DMRobertson merged commit 058789b into develop Dec 1, 2022
@DMRobertson DMRobertson deleted the dependabot/pip/pyopenssl-22.1.0 branch December 1, 2022 19:02
H-Shay pushed a commit that referenced this pull request Dec 13, 2022
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 22.0.0 to 22.1.0.
- [Release notes](https://github.com/pyca/pyopenssl/releases)
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@22.0.0...22.1.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>