3

Using 1and1 web hosting

The error message

Can't connect to PayPal to validate IPN message: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

test form

<form action="http://dev.myurlishere.com/ipn.php" method="POST">
  <input name="mc_gross" type="hidden" value="500.00" />
  <input name="custom" type="hidden" value="some custom data" />
  <input name="address_status" type="hidden" value="confirmed" />
  <input name="item_number1" type="hidden" value="6" />
  <input name="item_number2" type="hidden" value="4" />
  <input name="payer_id" type="hidden" value="FW5W7ZUC3T4KL" />
  <input name="tax" type="hidden" value="0.00" />
  <input name="address_street" type="hidden" value="1234 Rock Road" />
  <input name="payment_date" type="hidden" value="14:55 15 Jan 07 2005 PST" />
  <input name="payment_status" type="hidden" value="Completed" />
  <input name="address_zip" type="hidden" value="12345" />
  <input name="mc_shipping" type="hidden" value="0.00" />
  <input name="mc_handling" type="hidden" value="0.00" />
  <input name="first_name" type="hidden" value="Jason" />
  <input name="last_name" type="hidden" value="Anderson" />
  <input name="mc_fee" type="hidden" value="0.02" />
  <input name="address_name" type="hidden" value="Jason Anderson" />
  <input name="notify_version" type="hidden" value="1.6" />
  <input name="payer_status" type="hidden" value="verified" />
  <input name="business" type="hidden" value="paypal@emailaddress.com" />
  <input name="address_country" type="hidden" value="United States" />
  <input name="num_cart_items" type="hidden" value="2" />
  <input name="mc_handling1" type="hidden" value="0.00" />
  <input name="mc_handling2" type="hidden" value="0.00" />
  <input name="address_city" type="hidden" value="Los Angeles" />
  <input name="verify_sign" type="hidden" value="AlUbUcinRR5pIo2KwP4xjo9OxxHMAi6.s6AES.4Z6C65yv1Ob2eNqrHm" />
  <input name="mc_shipping1" type="hidden" value="0.00" />
  <input name="mc_shipping2" type="hidden" value="0.00" />
  <input name="tax1" type="hidden" value="0.00" />
  <input name="tax2" type="hidden" value="0.00" />
  <input name="txn_id" type="hidden" value="TESTER" />
  <input name="payment_type" type="hidden" value="instant" />
  <input name="last_name=Borduin" type="hidden" />
  <input name="payer_email" type="hidden" value="test@domain.com" />
  <input name="item_name1" type="hidden" value="Rubber+clog" />
  <input name="address_state" type="hidden" value="CA" />
  <input name="payment_fee" type="hidden" value="0.02" />
  <input name="item_name2" type="hidden" value="Roman sandal" />
  <input name="invoice" type="hidden" value="123456" />
  <input name="quantity" type="hidden" value="1" />
  <input name="quantity1" type="hidden" value="1" />
  <input name="receiver_id" type="hidden" value="5HRS8SCK9NSJ2" />
  <input name="quantity2" type="hidden" value="1" />
  <input name="txn_type" type="hidden" value="web_accept" />
  <input name="mc_gross_1" type="hidden" value="0.01" />
  <input name="mc_currency" type="hidden" value="USD" />
  <input name="mc_gross_2" type="hidden" value="0.01" />
  <input name="payment_gross" type="hidden" value="0.02" />
  <input name="subscr_id" type="hidden" value="PP-1234" />
  <input name="test" type="submit" value="test" />
</form>

ipn.php

<?php
// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "./ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode ('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
        $value = urlencode($value);
    }
    $req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
    $paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
    $paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
    return FALSE;
}
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
    {
    if(DEBUG == true) { 
        error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
    }
    curl_close($ch);
    exit;
} else {
        // Log the entire HTTP response if debug is switched on.
        if(DEBUG == true) {
            error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
            error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
        }
        curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
    // check whether the payment_status is Completed
    // check that txn_id has not been previously processed
    // check that receiver_email is your PayPal email
    // check that payment_amount/payment_currency are correct
    // process payment and mark item as paid.
    // assign posted variables to local variables
    //$item_name = $_POST['item_name'];
    //$item_number = $_POST['item_number'];
    //$payment_status = $_POST['payment_status'];
    //$payment_amount = $_POST['mc_gross'];
    //$payment_currency = $_POST['mc_currency'];
    //$txn_id = $_POST['txn_id'];
    //$receiver_email = $_POST['receiver_email'];
    //$payer_email = $_POST['payer_email'];

    if(DEBUG == true) {
        error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
    }
} else if (strcmp ($res, "INVALID") == 0) {
    // log for manual investigation
    // Add business logic here which deals with invalid IPN messages
    if(DEBUG == true) {
        error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
    }
}
?>
Tsukasa
  • 6,342
  • 16
  • 64
  • 96

1 Answers1

3

I believe that the reason you get this error is because you are using SSL v3, which has severe security issues and therefore is not supported by any serious website anymore. (more information here: http://disablessl3.com/)

in your above code, you specify

curl_setopt($ch, CURLOPT_SSLVERSION, 4);

however, in the error message, it says 

 sslv3 alert handshake failure

so obviousely ssl v3 was used by PHP. instead try

curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1")

as indicated here: SSL error can not change to TLS

hope that helps you

Community
  • 1
  • 1
Matthias
  • 2,622
  • 1
  • 18
  • 29
  • changed but still get same error. I have also tried curl_setopt($ch, CURLOPT_SSLVERSION, 6); which said it should be TLS1.2 – Tsukasa Jan 22 '16 at 20:55
  • 2
    my next assumption would be that your host has a very old version of mod_curl installed? your php_info() should the libcurl version in the CURL section (for me it's the second row in the table, titled "Curl Information"). you can find the version history here: http://curl.haxx.se/docs/releases.html if your version is veery old, then the issue might be that nothing newer is supported. (in which case curl would probably fall back to ssl v3) – Matthias Jan 22 '16 at 21:03
  • 7.21.0 Jun 16 2010 5.5 years – Tsukasa Jan 22 '16 at 21:07
  • @Tsukasa did you manage to solve this? 1&1 updated libcurl or how did you do it? – viktor77 Mar 11 '16 at 11:42
  • @viktor77 the steps above would be for cURL but I switched to using fsockopen for communication. – Tsukasa Mar 11 '16 at 12:16