I believe you have two problems, one with your code and one with your certificates.
The code issue is in your server. You are not specifying the CA to check client certificates with an options
property like you have in your client code:
ca: fs.readFileSync('ssl/ca.pem'),
The second problem is the one that really causes that DEPTH_ZERO_SELF_SIGNED_CERT
error. You are giving all your certificates – CA, server, and client – the same Distinguished Name. When the server extracts the issuer information from the client certificate, it sees that the issuer DN is the same as the client certificate DN and concludes that the client certificate is self-signed.
Try regenerating your certificates, giving each one a unique Common Name (to make the DN also unique). For example, name your CA certificate “Foo CA”, your server certificate the name of your host (“localhost” in this case), and your client something else (e.g. “Foo Client 1”).