For an overview of what they mean have a look at the Certificate Extensions section in OpenSSL’s x509 man page.

This is how they relate to code (taken from v3_purp.c):

static X509_PURPOSE xstandard[] = {
{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
};

When checking for a purpose programmatically, you usually only have to deal with the integer constants such as X509_PURPOSE_SSL_SERVER. These purposes are used during certificate validation. The certificate (path) is validated and finally OpenSSL checks whether the certificate at hand contains an ExtendedKeyUsage extension that contains the requested “purposes”. If it does not, the certificate will be rejected.

OpenSSL applies reasonable defaults where possible, but if you have special requirements you may add your own purposes to be checked during certificate validation. It is also possible to check for custom ExtendedKeyUsages if you wish to, but usually the predefined default values suffice.