I’ve got the glowfish Particle client sort-of working. I pointed it at https://api.particle.io/v1 and it returned some plausible text. I pointed it at a server at home that is https however the certificate is signed by me rather than a CA. It connected for a few times before crashing (SOS) but connects occasionally so on that basis I reckon it’s ignoring the certificate checks. If that’s the case then you may want to look at setting diagnostics rather than trying to add extra root certs, which might be ignored.
I’ve since had a look through the code, which I think was a bundle that I downloaded from github. httpsclient-particle.h sets ALLOW_ANON_CONNECTIONS to 1, which seems to be a way of ignoring cert errors and in httpsclient-particle.cpp NULL is passed as the expected name for a match against CN. I can’t be 100% certain from a brief look but it looks to be the case.
Try setting USE_CRYPTO_TRACE in cryptoConfig.h as it gives a little bit more handshake diagnostics. USE_SSL_HANDSHAKE_MSG_TRACE and USE_SSL_INFORMATIONAL_TRACE looked promising but didn’t help me much when I tried them.
If you are accessing your own server then Wireshark is always a good bet for seeing what’s going over the network and is always my favoured tool.