ssl client cert verification fails in nginx

I am trying to setup ssl client authentication in nginx. I crated a self-signed root CA. Using that, I created a sub-CA. I used this sub-CA to create a certificate for a client. I concatenated the sub-CA and the root CA into a new file. I verified the client certificate as follows:

$ openssl verify -purpose sslclient -CAfile auth-root.crt testcert.crt
testcert.crt: OK

auth-root.crt is the concatendated sub and root CA; testcert.crt is the client certificate.

I pointed nginx to the auth-root.crt using ssl_client_certificate.

When I make an HTTP request using the testcert.crt certificate, nginx fails. I turned on debug logs and can see the following:

2012/06/21 22:58:47 [debug] 8901#0: *2 verify:0, error:2, depth:1, subject:"/C=US/ST=Florida/L=Tampa/O=Test org/OU=Test OU/CN=AuthCerts TestCA",issuer: "/C=US/ST=Florida/L=tampa/O=Test org/OU=Test OU/CN=Root TestCA"
2012/06/21 22:58:47 [debug] 8901#0: *2 verify:0, error:27, depth:1, subject:"/C=US/ST=Florida/L=Tampa/O=Test org/OU=Test OU/CN=AuthCerts TestCA",issuer: "/C=US/ST=Florida/L=tampa/O=Test org/OU=Test OU/CN=Root TestCA"
2012/06/21 22:58:47 [debug] 8901#0: *2 verify:1, error:27, depth:0, subject:"/C=US/ST=Florida/L=Tampa/O=Accelerated Concepts/OU=NetBridge/CN=030202",issuer: "/C=US/ST=Florida/L=Tampa/O=Test org/OU=Test OU/CN=AuthCerts TestCA"

You need to use the ssl_verify_depth directive set to at least 2 since your certificate chain requires two hops. For each other sub-CA between the root and the client certificates, you need to increase that number by one.