[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthzSVNAccessFile: character not allowed

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-09-18 17:08:21 CEST

On 9/16/06, Tobias Sager <moixa@gmx.ch> wrote:
> Hi all,
>
> after upgrading from subversion 1.3.2 to 1.4.0 on my gentoo box, my
> AuthzSVNAccessFile stopped working.
>
> When accessing the repository through dav in apache 2.0.58 over ssl, I
> get a 403 (forbidden) and this error message in my apache log:
> <snip>
> [Sat Sep 16 22:40:48 2006] [error] [client 192.168.11.1] Failed to load
> the AuthzSVNAccessFile: The character 'm' in rule 'ssl-authority-files'
> is not allowed in authz rules
> [Sat Sep 16 22:40:48 2006] [error] [client 192.168.11.1] Access denied:
> 'foo' GET repos:/
> </snip>
>
> My access file looks like this:
> <snip>
> [global]
> ssl-trust-default-ca = true
> ssl-authority-files = /var/svn/conf/cacert3.pem
> ...
> </snip>
>
> As soon as I remove the two ssl-* lines, the installation works fine
> again. Intrestingly enough the error message always declares the last
> character on the last configuration line of the global section as
> invalid (that is 'e' when I remove the ssl-authority-files line for
> example).
>
> Did I miss anything in the upgrade process? Did the configuration change?

The SVNAuthzAccessFile has never taken directives like
ssl-trust-default-ca or ssl-authority-files, those are from the
per-user ~/.subversion/servers file. You're getting an error now
because mod_authz_svn got more strict about parsing config files, and
now complains if it sees something on the right side of the = sign
that it doesn't understand.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Sep 18 17:10:20 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.