PayPal IPN Listener - SSL Certificate Handshake Failure
Running PHP 5.3.28 and curl 7.30.0 (OpenSSL/0.9.8y & libssh2/1.4.2) on Windows Server 2008 R2 using IIS.
I'm creating an IPN listener for PayPal Instant Payment Notifications using their sandbox environment, but no matter what I do I get SSL certificate errors like:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Here is my code (where $fields are the correct fields to POST back):
$ch = curl_init();
// POST the IPN fields back to the PayPal sandbox endpoint
curl_setopt($ch, CURLOPT_URL, 'https://www.sandbox.paypal.com/cgi-bin/webscr');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
if ($result = curl_exec($ch)) {
    echo 'result = '.$result.'<br>';
} else {
    // curl_exec() returned false: print the curl error number and message
    echo 'result = '.$result.'<br>';
    echo 'errno = '.curl_errno($ch).'<br>';
    echo 'error = '.curl_error($ch).'<br>';
}
curl_close($ch);
So, I understand that the PayPal server requires TLS 1.2 and does not support SSL 2/3, but I can't seem to get my POST request to work. I've tried:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
...and I get the same error. I've also tried:
curl_setopt($ch, CURLOPT_SSLVERSION, n);
...which gets these results:
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
35 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
4 OpenSSL was built without SSLv2 support
4 OpenSSL was built without SSLv2 support
35 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
35 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
35 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I also read somewhere to try this:
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\\cacert.pem');
Where cacert.pem is downloaded from http://curl.haxx.se/docs/caextract.html and placed in the same directory as my script. This doesn't make any difference.
Is my code correct..?
How do I make this work..?
I have this working now, here's how:
Use curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); to verify the certificate.
Upgrade to at least PHP 5.6.0, which seems to bring along with it OpenSSL/1.0.1i. I think at least OpenSSL version 1.0.1 is required to support TLS 1.2, which PayPal requires.
Save cacert.pem from http://curl.haxx.se/docs/caextract.html locally (in my case to c:\\cert), then update the PHP ini that you're using to reference cacert.pem as shown here. Using the ini file saves you having to use curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\\cacert.pem'); in every call.
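A way to check the two conditions the answer above depends on before touching the listener, as an added example that is not part of the original question or answer: it reads the OpenSSL version that PHP's curl was built against and builds a handle with certificate verification left on. The function names opensslSupportsTls12 and newVerifiedHandle are hypothetical, and reading the curl.cainfo ini setting assumes that is the ini entry the answer refers to.

```php
<?php
// Added example: parse the TLS backend string reported by curl_version()
// and decide whether it can negotiate TLS 1.2 (OpenSSL 1.0.1 or later).
function opensslSupportsTls12($sslVersion)
{
    // Expected form: "OpenSSL/1.0.1i"; other backends are not judged here.
    if (!preg_match('~^OpenSSL/(\d+)\.(\d+)\.(\d+)~', $sslVersion, $m)) {
        return null; // unknown backend, cannot tell
    }
    $v = sprintf('%d.%d.%d', $m[1], $m[2], $m[3]);
    return version_compare($v, '1.0.1', '>=');
}

// Build a POST handle that verifies the peer instead of disabling checks.
function newVerifiedHandle($url, $fields, $caFile = null)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // 6 is the value of CURL_SSLVERSION_TLSv1_2 where PHP lacks the constant.
    curl_setopt($ch, CURLOPT_SSLVERSION,
        defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : 6);
    if ($caFile !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caFile); // overrides curl.cainfo
    }
    return $ch;
}

// Constructed sample strings: the question's build and the answer's build.
foreach (array('OpenSSL/0.9.8y', 'OpenSSL/1.0.1i') as $sample) {
    echo $sample, ' => ', var_export(opensslSupportsTls12($sample), true), "\n";
}

// The build actually running this script, and the CA bundle PHP is set to use.
$info = curl_version();
echo 'this build: ', $info['ssl_version'], ' => ',
    var_export(opensslSupportsTls12($info['ssl_version']), true), "\n";
echo 'curl.cainfo = ', var_export(ini_get('curl.cainfo'), true), "\n";
```

The script makes no network request; newVerifiedHandle only returns a configured handle, which the listener would pass to curl_exec() with its own $fields.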