How to make Apache trust a client certificate using an unknown CA, without validating the CA

Your error message clearly shows the cause right here: "depth 1". You've set SSLVerifyDepth 0 which per manual means that:

self-signed client certificates are accepted only

To check if client cert is as expected, and without the chain validation, try something like this:

SSLVerify none
SSLRequire (   %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd."  and %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/  )

I really hate responses that suggest alternatives that don't actually answer the question but... if you don't want to (or can't because they won't provide it) accept their CA for their cert, then you should issue them the cert from your own CA. This would fix the problem of not only them not providing signer cert, but would also prevent you from having to trust a strange CA.