0

I am trying to implement ipn in my system but shows error

SSL connect error

TLS version shows TLS 1.0

It is a client's system. I downloaded the code from paypal website. I am currently testing it.

but it throws error 

    <?php
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(E_ALL);
    session_start();



    $ch = curl_init('https://www.howsmyssl.com/a/check');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $data = curl_exec($ch);
    curl_close($ch);

    $json = json_decode($data);
    echo $json->tls_version;




    file_put_contents('NAB/paypal-ipn.txt', var_export($_POST, true));
    echo "ipn processing";
    // STEP 1: read POST data
    // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
    // Instead, read raw POST data from the input stream.
    $raw_post_data = file_get_contents('php://input');
    $raw_post_array = explode('&', $raw_post_data);
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
      $keyval = explode ('=', $keyval);
      if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
    }
    echo "<br>1";
    // read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
    $req = 'cmd=_notify-validate';
    if (function_exists('get_magic_quotes_gpc')) {
      $get_magic_quotes_exists = true;
    }
    echo "<br>2";
    foreach ($myPost as $key => $value) {
      if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
      } else {
        $value = urlencode($value);
      }
      $req .= "&$key=$value";
    }
    echo "<br>3";
    // Step 2: POST IPN data back to PayPal to validate
    $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
    //$ch = curl_init('https://www.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
    // In wamp-like environments that do not come bundled with root authority certificates,
    // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set
    // the directory path of the certificate as shown below:
    // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
    echo "<br>3";
    if ( !($res = curl_exec($ch)) ) {
       error_log("Got " . curl_error($ch) . " when processing IPN data");
       echo curl_error($ch);
      curl_close($ch);
      //exit;
    }
halfer
  • 19,824
  • 17
  • 99
  • 186
Sugumar Venkatesan
  • 4,019
  • 8
  • 46
  • 77

2 Answers2

1

If 'howsmyssl' is reporting that the systems supports only TLS v 1.0, it is likely that an upgrade is necessary to support TLS v 1.2. The curl_setopt($ch, CURLOPT_SSLVERSION, 6); is requesting TLS v 1.2 (see list in PHP Curl (with NSS) is probably using SSLv3 insted of TLS when connecting to https).

Also, as of June 30,2017, PayPal will be requiring TLS v 1.2 (see https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US and Php curl set ssl version).

You may be able to test your integration using TLS v 1.0 (until 6/30/2017) by changing to curl_setopt($ch, CURLOPT_SSLVERSION, 4);.

Community
  • 1
  • 1
rhill
  • 226
  • 3
  • 10
1

I had a similar problem problem when implementing the paypal ipn listener code. The script would stop executing where step 2 starts in the code you've provided. I solved it by downloading cacert.pem from http://curl.haxx.se/docs/caextract.html. Then I copied the downloaded file to the same folder as paypalipnlistener.php and then uncommented the following code in paypalipnlistener.php // curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); to curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem'); and the script executed successfully.

Euticus Mwangi
  • 11
  • 1