Thanks Jason,
With a more specific error message raised by github latest code [thanks!] the problem became clear.
I suggest to change the documentation of 'optionsForClientTLS' -
from:
ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, clientCertificate=mycert)
to:
ctx = ssl.optionsForClientTLS(commonName, trustRoot=root, clientCertificate=mycert)
That is, what this ctx (the contextFactory) really expects is the server's certificate commonName which often is, but not in my case, the server's hostName.
Interestingly, Python's standard ssl package does not verify this field.