Other SOTA sites: SOTAwatch | SOTA Home | Database | Video | Photos | Shop | Mapping | FAQs | Facebook | Contact SOTA

SOTA CSV Editor Updating Summits Database

I have today noticed what appears to be a recent change on the SotaData site is causing a problem for updating the database for my SOTA CSV Editor (it worked on 14th January the last time I updated my own Database).

The problem is that the download of SummitsList.csv from the http version of the SotaData site redirected to the https version of the site and the curl library used in SOTA CSV Editor is unable to validate the SSL Certificate and so generates an Error (Errorcode 60).

Until I can manage to fathom out how to make the curl library accept the SSL Certificate for SotaData site, the following process will be required to update the Database for SOTA CSV Editor:

  • Ensure that SOTA CSV Editor is closed
  • Using you favourite web browser go to the https://www.sotadata.org.uk/summits.aspx page or https://newsotadata.sota.org.uk/en/summit/list, at the bottom click the link to download the Summits List and Save the file in your ‘SOTA Logs’ folder (replacing the exsiting one).
  • Click the Windows Start Menu and look for ‘SOTA CSV2MDB’ and open it, this should find the downloaded Summits list and use that to update the Database.
  • You can then use SOTA CSV Editor as normal.

Stewart G0LGS

Stewart, the old website is closing in 28days. It’s probably not worth your time to make changes to your code apart from the satisfaction from supporting your users to the end of life of the old database site.

Andy,

I see that the link on the New database site for the CSV still points to the SotaData site and I was kind of assuming that the download will still be https after the changes and so I will still need to make the program able to download from https enabled site no matter where the eventual download is from.

Stewart.

Hi Stewart,
I folowed your process but in SOTA_CSV2MDB I got the message “The CSV should not need updating (as it is less than 24 hours old)”.
The process continued and completed successfully in any case - I presume the message is simply due to the fact that I manually downloaded the summits list file, rather than the SOTA_CSV2MDB doing it?

73 Ed.

P.S. This manual process certainly worked as I can select the latest Brazialian summit without any problem:

Ed,

Yes - that is just the program saying it should not need to download the latest version.

Hi Steward,

curl can ignore certificates if this is what you want:

curl --insecure
or ‘curl -k’

73 Joe

Joe,

I was hoping to make the mingw32 curl Library (from https://curl.haxx.se/) correctly accept the CA , but I’ve not yet worked out how to do that.

That is of course the serious way.
Not sure that I can help there.

That’s true, you will need to do anyway. Not sure how we are doing the https on the old one but it will probably be different from the new one. So I would only work on the new one. IIRC the new one redirects to the old one but there is a real CSV generated on the new one but I can’t remember where! A search on here may show the link.

There’s examples for libcurl, but like many examples, they assume you know what you should do anyway!

1 Like

You will need to import the root certificate chain for Let’s Encrypt into your root CA under Mingw32 (wherever it’s looking for that).

I don’t see that it is a Mingw32 matter as such (as it is libcurl that is doing the work).

I cannot get the latest libcurl version to even link in my Mingw32 project (I just get lots of errors about missing http2 functions).

I have given up (for the time being) trying to fathom out how to get libcurl to accept the certificate (as I have failed to find relevant and understandable documentation) and just issued a changed version of SOTA CSV Editor that does not verify the SSL certificate.

https://curl.haxx.se/docs/sslcerts.html

Add the stuff from the first link as the CA in the stuff in the second link.

I looked at that about 6 times earlier today.

Having looked again it seems I would have have to include the certificate download from your first link in the files installed by the SOTA CSV Editor installer and re-build the code to load it (just seems too messy).

OK, download https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt and store it somewhere, say, a directory called “capath”.

Then, in your code, use the following line when you create the curl handle:
curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

(or however you set your libcurl options)

Then it should use the intermediate signed cert as a CA cert and accept the Let’s Encrypt cert.

Alternatively, since it appears your libcurl version is ancient, you could download the CA cert bundle that’s available in the newest version from here: https://curl.haxx.se/docs/caextract.html

And either overwrite the existing cacert.pem file that comes with libcurl (wherever that is stored), or point your code to the new bundle:

curl_easy_setopt(curl, CURLOPT_CAINFO, capath);

The latter alternative is probably a better option if you have other libcurl uses, as an ancient cacert.pem is of little use in a growing SSL environment.

Unless I’m missing something that is just too messy as I would need to include the PEM in my installation program so it gets installed so that that libcurl can find it at run time.

There is no cacert.pem in my libcurl folders.

Dropping the mozilla cacert.pem from the second link into the install directory is no different to installing another configuration file.

Without that, you’ll never verify an SSL site. You can either drop the file in the same directory as the software you install and use the path in CURLOPT_CAINFO, or you can ignore verification. The latter is considered very poor form. The former is one extra file, licensed to be distributable, so hardly messy.

With the help of Andrew - shedding light on the Docs - An updated version 1.5.6.9 is now available that solves the issue of downloading from HTTPS enabled sites.

You should be able to update from the existing installed version:

Help -> About -> Check for Update

or use the direct download at:

https://www.g0lgs.co.uk/soft_info.php?AppName=sotacsveditor

Stewart G0LGS

1 Like

For some reason that I do not yet fully understand a change to the Certificate on the sotadata.org.uk site means that SOTA CSV Editor is again unable to download updates to the Summits List.

Following the Instructions in my first post in this thread should once again allow users to update the Summits list for SOTA CSV Editor should they need too.

I am informed that this should be sorted shortly.

Stewart G0LGS

This should now be fixed.

This was caused due to the fact that due to other software requirements, the new database server is running CentOS 7.7, which has an older version of the web server software that does not, by default, send the entire certificate chain when requested. I have now updated the configuration to send the full certificate chain and I suspect this will also resolve the SOTA Goat issue too.