Bug 664084

The bundled openssl is a crucial part for ssl testing. It is important to compile this tool against a very specific (old and vulnerable) openssl library.

The manual (/bin/Readme.md) suggest to use one of the following repositories:
 - https://github.com/drwetter/openssl
 - https://github.com/PeterMosmans/openssl

First of all, bundled-openssl is not even enabled by default but I belive it should not be optional at all.

Secondly, I have enabled it but the tool still uses a system library:
 Using "OpenSSL 1.0.2o  27 Mar 2018" [~125 ciphers]


This version produce false positive results for "Secure Client-Initiated Renegotiation" vulnerability. See the following link for more details: 
https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/)

emerge --info
Portage 2.3.40 (python 3.6.5-final-0, default/linux/amd64/17.0/hardened, gcc-7.3.0, glibc-2.26-r7, 4.17.11-pentoo x86_64)
=================================================================
System uname: Linux-4.17.11-pentoo-x86_64-Intel-R-_Core-TM-_i5-3320M_CPU_@_2.60GHz-with-gentoo-2.4.1
KiB Mem:     7971108 total,   2521624 free
KiB Swap:    4194300 total,   4190576 free
Timestamp of repository gentoo: Sun, 19 Aug 2018 07:45:01 +0000
Head commit of repository gentoo: cd4372788a5dc828180d6499c27188faeaae59a2
Head commit of repository pentoo: faf964e5eec30d1af0635654c38f7dfcf235625f

sh bash 4.4_p12
ld GNU ld (Gentoo 2.30 p2) 2.30.0
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.24.3-r1::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.6.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.15.1-r2::gentoo
sys-devel/binutils:       2.30-r2::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r3::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.26-r7::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.asia.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts: 
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-jobs: 1

local-overlay
    location: /usr/local/portage
    masters: gentoo
    priority: 0

pentoo
    location: /var/db/overlays/pentoo-overlay
    sync-type: git
    sync-uri: https://github.com/pentoo/pentoo-overlay
    masters: gentoo

steam-overlay
    location: /var/db/overlays/steam-overlay
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA OPERA-12 NVIDIA-CUDA PUEL AdobeFlash-11.x Google-TOS dlj-1.1 google-chrome Oracle-BCLA-JavaSE Intel-SDP skype-4.0.0.7-copyright baudline"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -frecord-gcc-switches"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -frecord-gcc-switches"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--load-average=3.6 --quiet-build"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe -frecord-gcc-switches -frecord-gcc-switches"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -frecord-gcc-switches -frecord-gcc-switches"
GENTOO_MIRRORS="http://gentoo.aditsu.net:8000/"
INSTALL_MASK="*.la"
LANG="en_SG.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0"
LINGUAS="en ru"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_BINHOST="http://mirror.switch.ch/ftp/mirror/pentoo/Packages/amd64-hardened"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--omit-dir-times"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi activities alsa amd64 branding bzip2 cairo cdda consolekit crypt cups cxx dbus declarative dri dri3 dts dvdr emboss encode exif ffmpeg flac gif glamor gtk hackrf hardened iconv ipv6 jpeg kde kipi kwallet lcms libnotify libtirpc mad minipentoo mng modemmanager mp3 mp4 mpeg multilib ncurses networkmanager nls nptl ogg opengl openmp pam pango pax_kernel pcre pdf phonon pie plasma png policykit ppds qml qt5 readline samba sdl seccomp semantic-desktop spell ssl ssp startup-notification svg tiff truetype udev udisks unicode upower usb vaapi vlc vorbis widgets wxwidgets x264 xattr xcb xcomposite xinerama xml xtpax xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en ru" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby23" UNICORN_TARGETS="x86" USERLAND="GNU" VIDEO_CARDS="vesa intel i965" XFCE_PLUGINS="brightness menu logout trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS