Recently, I experienced a strange behaviour when I tried to use Twitter from my VPN:
The front page was not displaying properly while I was using my VPN, but it looked normal on another computer without a VPN. It looked as if the CSS couldn't be loaded.
So, out of curiosity, I checked the certificate on my PC with the VPN and on my PC without the VPN, and their MD5 sums did not match!

# the SSL cert I see from my DSL internet connection
:~$ md5sum goodtwitter.com.cert
4b1f9f49b74ac18fa20b32fd0f570aa9  goodtwitter.com.cert
# the SSL cert I see from my VPN
:~$ md5sum badtwitter.com.cert
 e8ed041e9751a8bf84e217037239ef08  badtwitter.com.cert

And even worse, the HTML source of the two pages didn't match either! Was I the victim of a MITM attack?
After a quick check, the differences in the page seem to be language related, and the ad source is different too, which makes sense since my VPN's IP address is associated with another country.
One problem solved.

When I was checking the suspicious cert from Twitter, one of the fields looked bogus when displayed by OpenSSL:

openssl x509 -in badtwitter.com.cert
[...]
           1.3.6.1.4.1.11129.2.4.2: 
                ...k.i.v.......X......gp 
.....K..+,.....G0E.!............"p.....`v!.+MgT..f..H. .?.1.).C...t>c. |%...5 
.....+@...w.V.../.......D.>.Fv....\....U.......K..-?.....H0F.!...4..... ..X.K.....D.e......._h..!..F..T.w.~/N.*J.w&.#.q....... ....v.h....d..:...(.L.qQ]g..D. 
g..OO.....K..+H.....G0E.!.....1....W.9~....GS.W.....^...C.. ^4.M&9$.~.."Sd^.p4..r....'..;... 
[...]

This field only appeared in the cert seen from my VPN PC. It was really starting to look fishy and raised some questions:

- Do Twitter really have several certificates?
- Does using a VPN change something when you access HTTPS websites, a bit like a misconfigured HTTPS proxy triggers warnings in your browser?
- Was I the victim of some kind of Man-in-the-Middle attack?
- And if it is a MITM, why doesn't Firefox give me any warnings?

After some googling, the bogus-looking part of the certificate turns out to be the embedded SCT:

Embedded SCT (Signed Certificate Timestamp) is a new certificate extension, OID 1.3.6.1.4.1.11129.2.4.2, used to implement Certificate Transparency. According to RFC 6962, it lets a list of SCTs (each one a CT log's signed promise to publish the certificate) be embedded in the certificate itself, so that certificates produced by a rogue CA can be detected and invalidated.

This makes more sense than a global MITM attack on my VPN provider or a very targeted attack on my PC.

So I compiled an up-to-date version of GnuTLS to see whether it knows this X.509 v3 extension.
The answer is no; I got the following output:

                Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical): 
                        ASCII: ...k.i.v.......X......gp.<5.......w.........K..+,.....G0E.!............"p.....`v!.+MgT..f..H. .?.1.).C...t>c. |%...5......+@...w.V.../.......D.>.Fv....\....U.......K..-?.....H0F.!...4..... ..X.K.....D.e......._h..!..F..T.w.~/N.*J.w&.#.q....... ....v.h....d..:...(.L.qQ]g..D..g..OO.....K..+H.....G0E.!.....1....W.9~....GS.W.....^...C.. ^4.M&9$.~.."Sd^.p4..r....'..;...
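What OpenSSL and GnuTLS print above as binary garbage is a TLS-encoded SignedCertificateTimestampList wrapped in a DER OCTET STRING. The decoder below is an added example, not code from the original post; it pulls the extension value apart field by field, and the two SCTs it parses are constructed test data with fake log IDs and signatures (the only real value reused is the cert's 2014-09-10 activation date), not Twitter's actual extension.

```python
# Added example (not the post's code): decode an RFC 6962 embedded SCT list (X.509 ext 1.3.6.1.4.1.11129.2.4.2).
import struct
from datetime import datetime, timezone

def der_octet_string_contents(data: bytes) -> bytes:
    """Strip one DER OCTET STRING header (tag 0x04, short or long-form length)."""
    if data[0] != 0x04:
        raise ValueError("expected OCTET STRING tag, got 0x%02x" % data[0])
    length, pos = data[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        pos = 2 + (length & 0x7F)
        length = int.from_bytes(data[2:pos], "big")
    if pos + length != len(data):
        raise ValueError("OCTET STRING length does not match data")
    return data[pos:]

def parse_sct(sct: bytes) -> dict:
    """Decode one SerializedSCT: version, log_id, timestamp, extensions, signature."""
    version, log_id, ts_ms, ext_len = struct.unpack(">B32sQH", sct[:43])
    pos = 43 + ext_len
    hash_alg, sig_alg, sig_len = struct.unpack(">BBH", sct[pos:pos + 4])
    if len(sct) != pos + 4 + sig_len:
        raise ValueError("SCT signature length mismatch")
    return {"version": version, "log_id": log_id.hex(),  # 0 == v1; log_id = SHA-256 of the log key
            "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
            "extensions": sct[43:pos],
            "hash_alg": hash_alg, "sig_alg": sig_alg,  # TLS ids: 4 = sha256, 3 = ecdsa
            "signature_len": sig_len}

def parse_sct_list(ext_value: bytes) -> list:
    """Parse the extension value: a DER OCTET STRING wrapping a TLS-encoded SCT list."""
    tls = der_octet_string_contents(ext_value)
    if struct.unpack(">H", tls[:2])[0] != len(tls) - 2:
        raise ValueError("SCT list length mismatch")
    scts, pos = [], 2
    while pos < len(tls):
        n = struct.unpack(">H", tls[pos:pos + 2])[0]
        scts.append(parse_sct(tls[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return scts

def build_sct(log_id: bytes, ts_ms: int, sig: bytes) -> bytes:  # constructed v1 SCT, sha256/ecdsa, no extensions
    return struct.pack(">B32sQH", 0, log_id, ts_ms, 0) + struct.pack(">BBH", 4, 3, len(sig)) + sig

# Constructed sample: two SCTs stamped 2014-09-10 00:00 UTC (the post's cert activation date); fake log IDs/signatures.
_body = b"".join(struct.pack(">H", len(s)) + s for s in (
    build_sct(b"\x11" * 32, 1410307200000, b"\xaa" * 70),
    build_sct(b"\x22" * 32, 1410307260000, b"\xbb" * 71)))
_tls = struct.pack(">H", len(_body)) + _body
SAMPLE_EXT_VALUE = bytes([0x04, 0x81, len(_tls)]) + _tls  # 0x81: one long-form length byte follows
```

On a real certificate, `parse_sct_list` takes the raw value of extension 1.3.6.1.4.1.11129.2.4.2 as extracted by any DER parser; the log IDs it returns can then be matched against a list of known CT logs.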

So, how do I verify the certificate signature now?
On my main PC, GnuTLS tells me the certificate can be trusted:

:~$ gnutls-cli  -p 443 www.twitter.com
Processed 172 CA certificate(s).
Resolving 'www.twitter.com'...
Connecting to '199.59.148.10:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `jurisdictionOfIncorporationCountryName=US,jurisdictionOfIncorporationStateOrProvinceName=Delaware,businessCategory=Private Organization,serialNumber=4337446,C=US,postalCode=94103-1307,ST=California,L=San Francisco,street=1355 Market St,O=Twitter\, Inc.,OU=Twitter Security,CN=twitter.com', issuer `C=US,O=Symantec Corporation,OU=Symantec Trust Network,CN=Symantec Class 3 EV SSL CA - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-09-10 00:00:00 UTC', expires `2016-05-09 23:59:59 UTC', SHA-1 fingerprint `add53f6680fe66e383cbac3e60922e3b4c412bed'
        Public Key ID:
                269a19a38828c1dd701ba0ca2c98dbc6e14f373e
        Public key's random art:
                +--[ RSA 2048]----+
                |   .             |
                |  . .            |
                | . . o           |
                |*.. + o          |
                |*+..oo. S        |
                |+B o * o         |
                |* * = o          |
                |.. o oE.         |
                |    . ..         |
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=Symantec Corporation,OU=Symantec Trust Network,CN=Symantec Class 3 EV SSL CA - G3', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-10-31 00:00:00 UTC', expires `2023-10-30 23:59:59 UTC', SHA-1 fingerprint `e3fc0ad84f2f5a83ed6f86f567f8b14b40dcbf12'
- Status: The certificate is trusted. 
[...]

But on my VPN PC, gnutls-cli tells me that www.twitter.com cannot be trusted!

:~# gnutls-cli -p 443 www.twitter.com
Resolving 'www.twitter.com'...
Connecting to '199.59.148.10:443'...
- Certificate type: X.509
 - Got a certificate list of 2 certificates.
 - Certificate[0] info:
  - subject `jurisdictionOfIncorporationCountryName=US,jurisdictionOfIncorporationStateOrProvinceName=Delaware,businessCategory=Private Organization,serialNumber=4337446,C=US,postalCode=94103-1307,ST=California,L=San Francisco,STREET=1355 Market St,O=Twitter\, Inc.,OU=Twitter Security,CN=twitter.com', issuer `C=US,O=Symantec Corporation,OU=Symantec Trust Network,CN=Symantec Class 3 EV SSL CA - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-09-10 00:00:00 UTC', expires `2016-05-09 23:59:59 UTC', SHA-1 fingerprint `add53f6680fe66e383cbac3e60922e3b4c412bed'
 - Certificate[1] info:
  - subject `C=US,O=Symantec Corporation,OU=Symantec Trust Network,CN=Symantec Class 3 EV SSL CA - G3', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-10-31 00:00:00 UTC', expires `2023-10-30 23:59:59 UTC', SHA-1 fingerprint `e3fc0ad84f2f5a83ed6f86f567f8b14b40dcbf12'
- The hostname in the certificate matches 'www.twitter.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted

Just to be sure, I tried with the version of GnuTLS I had just compiled on my other PC, and this time it worked!
I don't think of myself as a person worth spying on, but if I did, those technical glitches would have me very worried.
Moral of the story:
keep calm and update your system

Q: Do Twitter really have several certificates?
A: Yes.
Q: Does using a VPN change something when you access HTTPS websites, a bit like when you use an HTTPS proxy?
A: No. The VPN shouldn't mess with HTTPS at all.
Q: Was I the victim of some kind of MITM attack?
A: No.
Q: And if it were one, why doesn't Firefox give me any kind of warning?
A: Because Firefox probably understands this X.509 extension.
Q: Why don't I have the same certificate in both cases?
A: Don't know, this still puzzles me.
Q: Why doesn't the page display properly on my Kali Linux when I use the VPN?
A: No answer yet.