Is the issue having the new version of OpenSSL at compile-time, or at run-time? (My build of 0.10rc1 links dynamically to /lib/x86_64-linux-gnu/libssl.so.1.0.0, but I don't know about 0.9.3 or builds made on the PPA as part of a Debian build process).

Furthermore, to prevent such drama later if OpenSSL is still used down the road, is there a documented, secure, and feasible way to statically link to a known version of OpenSSL that is passing tests?