Today I was searching on a Linux box for the standard path of the CAs the OpenSSL installation trusts. It’s fairly easy to find out, but searching for it can take some time so here as a quick note - to find the standard path of the CAs trusted by OpenSSL this command can be used:
# openssl version -a
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Wed Feb 22 17:34:31 EST 2012
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic
The interesting line is the one starting with OPENSSLDIR.