SSLVerifyDepth explaination

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifydepth

... The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate.
A depth of 0 means that self-signed client certificates are accepted only,
the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under SSLCACertificatePath), etc.

A depth of 2 means that certificates signed by a (single level of) intermediate CA are accepted i.e. by an intermediate CA, whose CA certificate is signed by a CA directly known to the server.

As per my tests (see this comment) and this answer, the certificate chain verification in apache works like this:

current_certificate := client_certificate_from_request
current_depth := 0
LOOP
  if current_certificate IS self-signed (ie. root)
    if current_certificate IS IN SSLCACertificateFile
      THEN RETURN true // cert is accepted as valid
      ELSE RETURN false // validation failed
    end if
  end if

  current_certificate := current_certificate.getIssuer()
  current_depth += 1
  if current_depth > SSLVerifyDepth
    THEN RETURN false // validation failed
END LOOP // repeat

In words:

The final root certificate must be in the SSLCACertificateFile (or alternatively in SSLCACertificatePath) otherwise the client certificate is not accepted valid. The SSLVerifyDepth parameter limits how far the chain will apache look. If the limit is reached, the certificate is rejected.

The intermediate certificates listed in SSLCACertificateFile only affect building the chain (for example when the client does not send the full chain, so without those listed on the SSLCACertificateFile apache httpd would not have a way to reach the root certificate), but the validity depends only on the presence of the root certificate in SSLCACertificateFile.