When attempting to use client-side field level encryption by means of an AWS KMS, I run into the error: 
TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

The Enterprise MongoDB server I am connecting to is version 5.0.3 and does not require an SSL configuration in the connection. 

I have tracked my error down to an inability to set the CA file for the SSL connection to the AWS KMS. In the file "mongo-c-driver-1.19.0/src/libmongoc/src/mongoc/mongoc-crypt.c" there is a _get_stream function whose variable ssl_opts of the type mongoc_ssl_opt_t is filled in with NULL values through the function mongoc_ssl_opt_get_default. I was able to resolve my issue and load and unload encrypted fields successfully by compiling a version of the C driver in which I used _mongoc_getenv to pass in a string that I assigned to the ca_file value of ssl_opts. 

If there is a manner of configuring this SSL connection, I have not found the documentation for it nor a code path that assigns values given by the user.