> Any idea what's wrong here? And, should I be able to get this to work using
> different CAs for the client and server certs?

I think the file name in your ca-dir will be the problem.
Btw.: if you want to test tls settings divided from syslog-ng, then you can
always use this two commands:
openssl s_client -connect host:port -key keyfile.key -cert certfile.crt -CApath /your/ca/dir
And to emulate the server side:
openssl s_server -accept port -key keyfile.key -cert certfile.crt -CApath /your/ca/dir