I need to upgrade OpenSSL on my CentOS server to 0.9.8k or higher, however the latest version in the official CentOS repositories is 0.9.8e, much too old. Is there a 3rd party repository I can use that has newer versions of OpenSSL libraries? If not, can someone provide a quick walkthrough of compiling a newer version of OpenSSL for CentOS? I need it to replace the built in version, so the walkthrough would have to explain how to create a CentOS-compatible RPM.
Let me guess - PCI?
What you really want is to look at Red Hat's CVE archives (which CentOS is based on) and verified whether the vulnerability has been fixed based on that list (most of the time, it has been). If you are using a third-party scanner that doesn't recognize your current version, look up the OVAL definitions to see the status of the vulnerabilities as well as whether the fixes were back ported; from there, you can map them to the current "generic" versions of your applications / libraries (in this case, OpenSSL).
Red Hat's link gives more details (which CentOS reference) as their backports policy. You may want to review it and save yourself the trouble of rebuilding OpenSSL.
Be aware that RedHat backports security fixes and such to packages and only increments the package subversion number and not the versioning of the package. Since Centos comes directly from RedHat, I might expect the same from their packaging as well.
Upgrade to Centos 6. It has version 1.0.0 built-in. See the list of packages and RPMs here: http://mirror.centos.org/centos/6/os/i386/Packages/
But it is never a good idea to install two versions of the same software on one system.