It's possible to hook into the OpenSSL handshake process and obtain the identification of the root CA certificate being requested, and only then load it from the system CA certificate store.
I'm not sure which API can do this in OpenSSL, but on Unix an strace of the /usr/bin/openssl tool (when passed the -CApath argument) reveals that it does load certs on-demand. E.g.:
The full loading of CA certificates should only be triggered if the user tries to obtain the list, via QSslConfiguration::defaultConfiguration().caCertificates() or QSslSocket::defaultCaCertificates(). In other words, we should keep a flag indicating whether on-demand loading has been done.
Note: on-demand loading must not break thread-safety.
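The scheme sketched above, as an added example that is not Qt's code or OpenSSL's: a per-handshake lookup by issuer subject hash that reads exactly one entry (the way OpenSSL's hash-dir lookup for a -CApath directory behaves), a full load that runs only when the complete list is requested, a flag recording that the full load has happened, and std::call_once so that concurrent requests for the default list trigger the scan once. The directory here is an in-memory map standing in for a -CApath directory, the hashes and PEM contents are constructed, and only the ".0" suffix is tried (OpenSSL also tries ".1", ".2", ... on hash collisions).

```cpp
#include <atomic>
#include <cstdio>
#include <map>
#include <mutex>
#include <optional>
#include <string>
#include <thread>
#include <vector>

// Constructed stand-in for a -CApath directory: key is "<subject-hash>.0",
// value stands in for the PEM certificate stored in that file.
static const std::map<std::string, std::string> kHashDir = {
    {"0a1b2c3d.0", "PEM: Example Root CA 1"},
    {"1b2c3d4e.0", "PEM: Example Root CA 2"},
    {"2c3d4e5f.0", "PEM: Example Root CA 3"},
};

class CaStore {
public:
    // Handshake path: the verifier tells us which issuer it needs, so read
    // that single entry and nothing else. Safe to call from any thread.
    std::optional<std::string> lookupIssuer(const std::string& subjectHash) {
        auto it = kHashDir.find(subjectHash + ".0");
        if (it == kHashDir.end())
            return std::nullopt;
        ++filesRead_;
        return it->second;
    }

    // defaultCaCertificates()-style path: the caller wants the whole list,
    // so the full load is triggered here and only here. std::call_once
    // guarantees one scan even when several threads ask simultaneously.
    const std::vector<std::string>& allCertificates() {
        std::call_once(loadOnce_, [this] { loadAll(); });
        return all_;
    }

    bool fullyLoaded() const { return fullyLoaded_.load(); }
    int filesRead() const { return filesRead_.load(); }
    int fullLoads() const { return fullLoads_.load(); }

private:
    void loadAll() {
        ++fullLoads_;
        for (const auto& entry : kHashDir) {
            ++filesRead_;
            all_.push_back(entry.second);
        }
        fullyLoaded_ = true;  // flag: on-demand mode is over for this store
    }

    std::once_flag loadOnce_;
    std::atomic<bool> fullyLoaded_{false};
    std::atomic<int> filesRead_{0};
    std::atomic<int> fullLoads_{0};
    std::vector<std::string> all_;  // written only inside call_once
};

// Hammers allCertificates() from `threads` threads at once and returns how
// many full scans actually ran; the expected answer is 1.
int concurrentDefaultLoad(CaStore& store, int threads) {
    std::vector<std::thread> pool;
    for (int i = 0; i < threads; ++i)
        pool.emplace_back([&store] { (void)store.allCertificates(); });
    for (auto& t : pool)
        t.join();
    return store.fullLoads();
}

int main() {
    CaStore store;
    // A handshake needing one root touches one entry, not the whole directory.
    auto issuer = store.lookupIssuer("0a1b2c3d");
    std::printf("issuer found: %s, files read: %d, fully loaded: %d\n",
                issuer ? issuer->c_str() : "(none)", store.filesRead(),
                store.fullyLoaded());
    // Asking for the full list from many threads loads it exactly once.
    std::printf("full loads: %d, certificates: %zu\n",
                concurrentDefaultLoad(store, 8), store.allCertificates().size());
    return 0;
}
```

The counters are what a practitioner would check: after a handshake-style lookup the store reads one file and `fullyLoaded()` is still false; after the list is requested from several threads, `fullLoads()` is 1 regardless of thread count.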