The "ssl-ca-location" setting:

The full pathname to a file containing PEM encoded
CA root certificates, or a directory of certificates
with filenames formed from the certificate hashes as
required by OpenSSL.

If set, this will override the OS default list of
OpenSSL CAs. If unset, the default list will be used.
Some platforms may add additional certificates.
Checking your platform behaviour is required if the
exact contents of the CA root is critical for your
application.