Even if OpenSSL were licensed under the GPL, nothing prevents the organization from releasing patches or separate distributions under a restrictive commercial license. They are the copyright holder. Viral open source licenses constrain _licensees_ to release derivative works under the same terms, but they can’t somehow destroy inherent ownership rights due to the copyright holder.
I was going to add that OpenSSL does in fact have a strong CLA enforcement policy, as should anyone attempting to earn money from open source software.
Of course you’re right, if the actual copyright ownership is in dispute then ownership rights associated with that ownership are difficult to invoke.
