Here's a short explanation of
the configuration directives.
openssl.cafilestring
Location of Certificate Authority file on local filesystem which should
be used with the verify_peer context option to authenticate the
identity of the remote peer.
openssl.capathstring
If cafile is not specified or if the certificate is not found there, the
directory pointed to by capath is searched for a suitable certificate.
capath must be a correctly hashed certificate directory.