Add DEBUG=tls,x509:3,certstore,privkey to make line for relevant run-time debug info.
If you want to trust multiple root certificates, use one certificate per file and specify all files separated with comma as described in the commit that introduced the feature.