• None
    • Moderate
    • Rebase
    • 2
    • rhel-sst-security-crypto
    • ssg_security
    • 14
    • 30
    • 3
    • QE ack
    • False
    • Yes
    • Crypto24Q2, Crypto24Q3
    • Test coverage for CRYPTO-13634 CRYPTO-13635 CRYPTO-13636 CRYPTO-13637 CRYPTO-13638 CRYPTO-13639 CRYPTO-13640 CRYPTO-13641 is created.
    • Pass
    • Needed
    • None
    • Rebase
    • .OpenSSL rebased to 3.2.2

      The OpenSSL packages have been rebased to upstream version 3.2.2. This update brings various enhancements and bug fixes, most notably the following:

      * The `openssl req` command with the `-extensions` option no longer mishandles extensions when creating certificate signing requests (CSR). Previously, the command fetched, parsed, and checked the name of the configuration file section for consistency but the name was not used for adding extensions to the created CSR file. With this fix, the extension is added to the generated CSR. As a side effect of this change, if the section specifies an extension incompatible with its use in the CSR, the command might fail with an error like `error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=server_cert, name=authorityKeyIdentifier, value=keyid, issuer:always`.
      * The default X.500 distinguished name (DN) formatting has been changed to use the UTF-8 formatter. This also causes the removal of space characters around the equal sign (`=`) that separates DN element types from their values.
      * Certificate compression extension (RFC 8879) is now supported.
      * The QUIC protocol can now be used on the client side as a Technology Preview.
      * The Argon2d, Argon2i, and Argon2id key derivation functions (KDF) are supported.
      * Brainpool curves have been added to the TLS 1.3 protocol (RFC 8734) but Brainpool curves remain disabled in all supported system-wide cryptographic policies.
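
The DN formatting change listed above affects scripts that parse or string-compare the one-line subject and issuer names printed by the `openssl` tools. The following is an added example, not part of the release note or of OpenSSL, that reads both spacings into the same attribute list. The sample lines are constructed, and the comma separator, the `subject=`/`issuer=` prefixes, and the function names are assumptions of this example.

```python
def split_rdns(text):
    """Split on commas that are neither backslash-escaped nor inside double quotes."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(line):
    """Return [(type, value), ...], ignoring spaces around the equal sign."""
    text = line.strip()
    for prefix in ("subject=", "issuer="):  # assumed output prefixes
        if text.startswith(prefix):
            text = text[len(prefix):]
            break
    pairs = []
    for rdn in split_rdns(text):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        pairs.append((attr.strip(), value.strip()))
    return pairs


def same_dn(a, b):
    """Compare two printed names by content instead of by raw string."""
    return parse_dn(a) == parse_dn(b)


# Constructed sample lines: spaces around "=" versus none, as the note describes.
OLD_STYLE = "subject=C = US, O = Example Corp, CN = www.example.com"
NEW_STYLE = "subject=C=US, O=Example Corp, CN=www.example.com"
```

Automation that stored subject strings captured before the rebase should compare them through a parser like this rather than with a literal string match.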
    • Done
    • None

      What were you trying to do that didn't work?

      OpenSSL 3.0 caused a big slowdown of some operations. 3.2 series has significantly improved the situation.

      Please provide the package NVR for which bug is seen:

      OpenSSL 3.0.x


              hkario@redhat.com Alicja Kario
              dbelyavs@redhat.com Dmitry Belyavskiy
              Clemens Lang, Sahana Prasad Hebbur Narasimha Prasad
              Dmitry Belyavskiy
              Alicja Kario
              Jan Fiala