6

Usually SSL certificates are installed system-wide (e.g. in /etc/ssl/certs). Is it possible to configure OpenSSL in a way that allows a user to put certificates in their home directory (for example in ~/.ssl/certs)?

A use-case could be a user that needs to access services with a self-signed certificate (generated by him, thus trusted); having the self-signed CA installed system wide would be wrong because the other users shouldn't trust that CA.

HopelessN00b
David Costa
  • Usually you would install the Root Certificate within your application as a user. E.g. in Firefox you can install root certificates Edit->Properties->Advanced->Certificates. These root certificates will only be trusted by this very user. – cornelinux Dec 03 '14 at 07:28
  • Firefox doesn't use OpenSSL, it uses NSS (also part of Mozilla). Few if any *browsers* use OpenSSL; see http://security.stackexchange.com/questions/59184/which-browsers-are-using-openssl ; I assumed the question is about client *apps*. – dave_thompson_085 Dec 03 '14 at 08:22

1 Answer

6

If you mean applications using the OpenSSL library for SSL, each application can either specify the (concatenated) file and/or (hash-linked) directory to be used for trusted certs, or it can invoke OpenSSL's defaults, or it could offer the choice. In the first case, you need to (be able to and) configure the app with what to specify. For example, in curl use --cacert and/or --capath per http://curl.haxx.se/docs/manpage.html . In the second case, the compiled-in OpenSSL defaults, which are system and possibly build dependent, can be overridden by the environment variables SSL_CERT_FILE and SSL_CERT_DIR respectively.

If you mean applications using the OpenSSL library for other things (that use certs) like CMS/SMIME, OpenSSL has a less simple API; basically the application must directly build up an X509_STORE to be used for validation, although I think it can still invoke the same defaults.

If you mean the commandline program openssl, the picture is a little more complicated. Some utilities (subcommands) don't use a truststore (or even certs at all); those that do have options to specify one, usually -CAfile and -CApath; see the man pages for s_client, verify, ocsp etc. as applicable. However, the logic that is supposed to use the defaults if you don't specify the options has long been coded inconsistently; there was discussion on the support list a few months ago and I believe a fix has (finally) been agreed, but as of 1.0.1j 15 Oct 2014 it isn't released.

dave_thompson_085
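The per-user, hash-linked directory described in the answer, as an added example that is not part of the original answer. It assumes an `openssl` command-line program that supports `x509 -subject_hash`; the function names, the throwaway home directory and the self-signed CA are constructed for illustration, and `~/.ssl/certs` is the path from the question.

```shell
#!/bin/sh
# Added example: per-user OpenSSL trust directory (all names are constructed).

# add_user_ca STORE CERT: install PEM certificate CERT into the hash-linked
# directory STORE, which is made accessible only to the owning user.
add_user_ca() {
    store=$1; cert=$2
    mkdir -p "$store" && chmod 700 "$store" || return 1
    # OpenSSL finds CAs in a directory by file name <subject-hash>.<n>.
    subj_hash=$(openssl x509 -in "$cert" -noout -subject_hash) || return 1
    n=0
    while [ -e "$store/$subj_hash.$n" ]; do
        cmp -s "$store/$subj_hash.$n" "$cert" && return 0  # already installed
        n=$((n + 1))                                       # same hash: next slot
    done
    cp "$cert" "$store/$subj_hash.$n"
}

# trusted_by STORE CERT: succeeds only if CERT verifies against STORE.
# -CApath is passed explicitly rather than relying on the CLI's defaults.
trusted_by() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo_user_store: build a throwaway home, create a constructed self-signed
# CA, and show it is trusted only after being added to that user's store.
demo_user_store() {
    home=$(mktemp -d) || return 1
    store="$home/.ssl/certs"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$home/ca.key" -out "$home/ca.pem" 2>/dev/null || return 1
    mkdir -p "$store"
    # Before installation the CA must NOT verify against the empty store.
    trusted_by "$store" "$home/ca.pem" && { rm -rf "$home"; return 1; }
    add_user_ca "$store" "$home/ca.pem" || return 1
    trusted_by "$store" "$home/ca.pem"; rc=$?
    # Library clients that invoke OpenSSL's defaults would be pointed at the
    # same directory with: SSL_CERT_DIR="$store" some-client ...
    rm -rf "$home"
    return $rc
}
```

Because the store lives under one user's home directory with mode 700, the self-signed CA is trusted only by processes that user points at it; the system-wide store is left unchanged.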