Environment
Centos 6; presumably others.

Problem
Using the default Socket client adapter doesn't work.
People give up in trying to get the SSL Certificates working, and thus set ssl_verify_peer = false to get it working.
The advice "Set the ssl_ca_path option" doesn't work, and errors.

For example, By using a the /etc/ssl/certs directory here (or it's resolved location of /etc/pki/tls/certs, you end up with the Socket adapter giving the error:
"error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

This is an issue repeated many times on the internet, and I've run into it personally often (and admittedly, had just disabled verify_peer for a while to get development working)

Background
The underlying issue is that these systems are incompatible with the ssl stream context options capath. In that the directory contains a certificate bundle file and not (as the PHP manual states) a "correctly hashed certificate directory"

Where according to the OpenSSL documentation, the direcotry must contain files in the form hash.0 where hash is the hashed certificate subject name.

Solution
OpenSSL Documentation states that the cafile option contains "A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together."

And thus the correct answer is to set the context option cafile to '/etc/ssl/certs/ca-bundle.crt' on these systems. (I have seen on some client systems the filename being certificate-bundle.crt, so it will be highly environment specific)

If you set an non existant file, and have openssl_error_string, the result will be :

SSL error: error:02001002:system library:fopen:No such file or directory; 
SSL error: error:2006D080:BIO routines:BIO_new_file:no such file; 
SSL error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

In addition to:
stream_socket_enable_crypto(): failed to create an SSL handle
stream_socket_enable_crypto(): Unable to set verify locations '/etc/ssl/certs/ca-bundle.cret'

Workaround For < 2.2.5*
Currently, for the Socket Adapter to work one needs to have a factory to manually make use of the cafile; rather than pass in the configuration array verbatim.

$sslcafile = '/etc/ssl/certs/ca-bundle.crt';
$context =  $client->getAdapter()->getStreamContext();
if (!stream_context_set_option($context, 'ssl', 'cafile', $sslcafile))  {
   throw new AdapterException\RuntimeException('Unable to set sslcafile option');
}