The interesting error is: error=unsupported certificate purpose
It's hard to say exactly what's wrong without seeing your exact configuration (especially on client side), but I'd guess the server.crt hasn't been created for server usage (a certificate can be created for server or client, or both, and each side can be told to check for the remote cert's usage, this is prevent a malicious client to present himself as a server)