貝寶IPN捲曲返回 「SSL連接錯誤」

Question

我想在我的系統來實現IPN但顯示錯誤

SSL連接錯誤

TLS版本顯示TLS 1.0

據客戶的系統。我從貝寶網站下載了代碼。我目前正在測試它。

但它拋出錯誤

<?php 
    ini_set('display_errors', 1); 
    ini_set('display_startup_errors', 1); 
    error_reporting(E_ALL); 
    session_start(); 



    $ch = curl_init('https://www.howsmyssl.com/a/check'); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
    $data = curl_exec($ch); 
    curl_close($ch); 

    $json = json_decode($data); 
    echo $json->tls_version; 




    file_put_contents('NAB/paypal-ipn.txt', var_export($_POST, true)); 
    echo "ipn processing"; 
    // STEP 1: read POST data 
    // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST. 
    // Instead, read raw POST data from the input stream. 
    $raw_post_data = file_get_contents('php://input'); 
    $raw_post_array = explode('&', $raw_post_data); 
    $myPost = array(); 
    foreach ($raw_post_array as $keyval) { 
     $keyval = explode ('=', $keyval); 
     if (count($keyval) == 2) 
     $myPost[$keyval[0]] = urldecode($keyval[1]); 
    } 
    echo "<br>1"; 
    // read the IPN message sent from PayPal and prepend 'cmd=_notify-validate' 
    $req = 'cmd=_notify-validate'; 
    if (function_exists('get_magic_quotes_gpc')) { 
     $get_magic_quotes_exists = true; 
    } 
    echo "<br>2"; 
    foreach ($myPost as $key => $value) { 
     if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
     $value = urlencode(stripslashes($value)); 
     } else { 
     $value = urlencode($value); 
     } 
     $req .= "&$key=$value"; 
    } 
    echo "<br>3"; 
    // Step 2: POST IPN data back to PayPal to validate 
    $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); 
    //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr'); 
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); 
    curl_setopt($ch, CURLOPT_POST, 1); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req); 
    curl_setopt($ch, CURLOPT_SSLVERSION, 6); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1); 
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close')); 
    // In wamp-like environments that do not come bundled with root authority certificates, 
    // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set 
    // the directory path of the certificate as shown below: 
    // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); 
    echo "<br>3"; 
    if (!($res = curl_exec($ch))) { 
     error_log("Got " . curl_error($ch) . " when processing IPN data"); 
     echo curl_error($ch); 
     curl_close($ch); 
     //exit; 
    } 

Answer 1

如果「howsmyssl」報道稱，該系統只支持TLS 1.0版，它是可能的升級是必要的，以支持TLS 1.2。 curl_setopt($ch, CURLOPT_SSLVERSION, 6);正在請求TLS v 1.2（請參閱PHP Curl (with NSS) is probably using SSLv3 insted of TLS when connecting to https中的列表）。

此外，截至2011年6月30日，PayPal將要求TLS 1.2版（請參閱https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US和）。

通過更改爲curl_setopt($ch, CURLOPT_SSLVERSION, 4);，您也許能夠使用TLS v 1.0（直至2017/3/30）測試您的集成。

Answer 2

我在實現paypal ipn偵聽器代碼時遇到了類似的問題。該腳本將停止執行步驟2以您提供的代碼開始的位置。我通過從http://curl.haxx.se/docs/caextract.html下載cacert.pem來解決它。然後我將下載的文件複製到與paypalipnlistener.php相同的文件夾中，然後在paypalipnlistener.php // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');到curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');之間取消註釋以下代碼，並且腳本成功執行。