InvalidCertificate(BadSignature) error with Twitter API in SP1 backend

[Hazyshades]

When attempting to generate a zkTLS proof for Twitter API (api.twitter.com) using the SP1 backend, the process fails with an InvalidCertificate(BadSignature) error during TLS session replay.

The zktls binary successfully:

• Connects to api.twitter.com:443
• Sends the HTTP request
• Receives the response (~6 minutes later)
• Starts proof generation

However, it fails during program execution in SP1 with the error:

thread 'main' panicked at zktls-replayable-tls-0.2.5/src/request.rs:40:10:
Failed to write data: Custom { kind: InvalidData, error: InvalidCertificate(BadSignature) }

Steps to Reproduce

1. Set up zktls binary with SP1 backend support
2. Create input JSON file for Twitter API request:

{
  "version": 1,
  "request_info": {
    "request": "0x474554202f322f75736572732f6d6520485454502f312e310d0a486f73743a206170692e747769747465722e636f6d0d0a4163636570743a206170706c69636174696f6e2f6a736f6e0d0a557365722d4167656e743a207a6b544c532f312e300d0a417574686f72697a6174696f6e3a20426561726572205b4f415554485f544f4b454e5d0d0a0d0a",
    "remote_addr": "api.twitter.com:443",
    "server_name": "api.twitter.com"
  },
  "response_template": [],
  "target": {
    "client": "0x95222290dd7278aa3ddd389cc1e1d165cc4bafe5",
    "prover_id": "0xe19cb336d24b30c013e7bdb2e93659d6086672be7191a02262a7e032ceb43fc9",
    "submit_network_id": 1
  },
  "origin": {
    "type": "secp256k1",
    "signature": "0x61600537178396fc1cb1abf2d880d6f0805d8969f672c4181857436ae5d0225875ffd4a212ced58dabe760b7e248a3f9ab1c9acf32bce1983e05c1ba9e3e228700",
    "nonce": 0
  }
}

3. Run zktls prove command:

RUST_LOG=info zktls prove -i input.json -t evm -p sp1

Expected Behavior

The zktls binary should successfully:

1. Connect to Twitter API
2. Send the request
3. Receive the response
4. Generate the ZK proof without certificate validation errors

Actual

The process fails during SP1 program execution with:

[2026-01-11T14:36:45Z INFO  sp1_core_executor::executor] clk = 0 pc = 0x3682a4
[2026-01-11T14:36:45Z INFO  sp1_core_executor::syscalls::write] ┌╴tls
stderr: WARNING: Using insecure random number generator.
stderr: 
stderr: thread 'main' panicked at zktls-replayable-tls-0.2.5/src/request.rs:40:10:
stderr: Failed to write data: Custom { kind: InvalidData, error: InvalidCertificate(BadSignature) }
stderr: stack backtrace:
stderr: note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Error: execution failed with exit code 1

[Hazyshades]

Environment

• zktls version: 0.1.0 (from the3cloud/zktls repository)
• Backend: SP1 (sp1-backend feature)
• Target chain: EVM
• OS: Ubuntu/Debian (VPS)
• Rust version: Latest stable
• Library version: zktls-replayable-tls-0.2.5
• Target API: Twitter API v2 (api.twitter.com:443)

What working

The same zktls binary works correctly with httpbin.org:

# Using testdata/input.json (httpbin.org)
zktls prove -i testdata/input.json -t evm -p sp1
# ✅ Successfully generates proof

Full Log Output

[2026-01-11T14:29:41Z INFO  zktls_input_builder::request] Connecting to api.twitter.com:443
[2026-01-11T14:29:41Z INFO  zktls_input_builder::request] Sending request complete
[2026-01-11T14:36:21Z INFO  zktls_input_builder::request] Received response complete
[2026-01-11T14:36:21Z INFO  zktls::utils] program already exists /root/.local/zktlsd/zktls-sp1, if you want to download again, please remove it
[2026-01-11T14:36:36Z INFO  p3_dft::radix_2_dit_parallel] coset_lde_batch; dims=14x524288
[2026-01-11T14:36:37Z INFO  p3_dft::radix_2_dit_parallel] coset_lde_batch; dims=11x65536
[2026-01-11T14:36:45Z INFO  tracing::span] execute;
[2026-01-11T14:36:45Z INFO  sp1_core_executor::executor] clk = 0 pc = 0x3682a4
[2026-01-11T14:36:45Z INFO  sp1_core_executor::syscalls::write] ┌╴tls
stderr: WARNING: Using insecure random number generator.
stderr: 
stderr: thread 'main' panicked at zktls-replayable-tls-0.2.5/src/request.rs:40:10:
stderr: Failed to write data: Custom { kind: InvalidData, error: InvalidCertificate(BadSignature) }