OpenSSL 0.9.8k or higher on CentOS 5?
Solution 1:
Let me guess - PCI?
What you really want is to look at Red Hat's CVE archives (which CentOS is based on) and verified whether the vulnerability has been fixed based on that list (most of the time, it has been). If you are using a third-party scanner that doesn't recognize your current version, look up the OVAL definitions to see the status of the vulnerabilities as well as whether the fixes were back ported; from there, you can map them to the current "generic" versions of your applications / libraries (in this case, OpenSSL).
Red Hat's link gives more details (which CentOS reference) as their backports policy. You may want to review it and save yourself the trouble of rebuilding OpenSSL.
Solution 2:
Be aware that RedHat backports security fixes and such to packages and only increments the package subversion number and not the versioning of the package. Since Centos comes directly from RedHat, I might expect the same from their packaging as well.