
The right magic for Netscape to send the client certificate?



I do not manage to convince Netscape to send the client certificate.
The certificate is in the Netscape cert database, but I don't
manage to convince Netscape to send it to the server.  I get:

TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1531

On the other hand, if I use s_client, the certificate is being sent
correctly to the sender.

It is obvious that there is some magic incantation needed so that
Netscape does the right thing, but I don't get it.

The certificate imported into Netscape was generated with:

openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
	-certfile demoCA/cacert.pem -out /home/j_sanchez/newcert.p12 \
	-name 'Pruebas LDAP'

The certificate itself (newcert.pem) looks like:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ES, ST=Madrid, L=Madrid, O=STL, CN=Autoridad de trap 2
        Validity
            Not Before: Jul 20 11:24:22 1999 GMT
            Not After : Jul 19 11:24:22 2000 GMT
        Subject: C=ES, ST=Madrid, L=Madrid, O=STL, CN=Julio Sanchez Fernandez/Email=j_sanchez@stl.es
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:a7:fe:42:3e:91:14:6e:f3:b3:c8:bc:3d:51:22:
                    ae:54:a9:9f:8d:66:8a:e2:2a:39:e6:f6:88:f5:34:
                    25:23:5d:10:e2:75:78:84:76:22:d2:f9:52:c1:eb:
                    87:c7:bf:c0:a0:49:61:cb:c6:8e:fa:10:76:59:0c:
                    4d:7c:15:40:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Cert Type: 
                SSL Client, S/MIME
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                F6:30:AB:72:99:78:E0:BF:C1:70:A9:F4:83:B3:E7:DB:4D:EB:ED:A9
            X509v3 Authority Key Identifier: 
                keyid:B1:06:1E:9C:F8:62:75:3C:28:2D:8D:8D:70:26:DB:C6:08:C9:6D:CE
                DirName:/C=ES/ST=Madrid/L=Madrid/O=STL/CN=Autoridad de trap 2
                serial:00

            X509v3 Subject Alternative Name: 
                email:j_sanchez@stl.es
            X509v3 Issuer Alternative Name: 
                <EMPTY>

    Signature Algorithm: md5WithRSAEncryption
        14:55:dc:81:42:57:44:d6:39:e0:dd:42:68:f8:b3:cc:a3:1c:
        ba:21:87:e8:d2:40:ae:5d:33:f3:17:4d:61:aa:0b:70:e3:45:
        64:10:1d:c7:01:74:52:70:10:ca:8a:4b:97:be:f8:c0:03:d2:
        81:ae:07:36:d6:9c:ad:f8:a9:78

Any hint?

Julio