The "ssl-ca-location" setting:
The full pathname to a file containing PEM encoded CA root certificates, or a directory of certificates with filenames formed from the certificate hashes as required by OpenSSL.
If set, this will override the OS default list of OpenSSL CAs. If unset, the default list will be used. Some platforms may add additional certificates. Checking your platform behaviour is required if the exact contents of the CA root is critical for your application.
This setting is overridden by environment variables SSL_CERT_FILE and SSL_CERT_DIR.