问题
In the past couple of days, our PayPal IPN has stopped working and receiving a empty response from PayPal. Nothing has changed on the server or in our code.
Attempting to cUrl to the PayPal IPN url simply returns an empty response.
$url = "https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13');
$data = curl_exec($ch);
curl_close($ch);
print $data;
The above should return "INVALID" and works as expected on my localhost and from other servers. Changing the url to any other domain other then PayPal also works without issues.
So it seems it only received the empty response from paypal.com
I wonder if any one has run into the issue or could give pointers where to look in the hope to- resolve it?
Kind Regards Musaffar
回答1:
It looks like Paypal made some security changes at the weekend. Some oscommerce users have been getting similar symptoms since Sunday with the curl error turning out to be:
SSL certificate problem: unable to get local issuer certificate
In their cases it was due to the local certificate copy only having the Paypal certificate and not the root or intermediate certificates, with the solution to update it.
The working certificate can be found in: OSCOM Phoenix github
回答2:
I would perhaps start checking if curl gave you any errors. PHP gives you in this case curl_errno($ch) and curl_error($ch) which will return a message or respectively the error code to it.
In case there is nothing suspicious to it. I would perhaps try to validate if you're able to run the above from your CLI on the server. (requires SSH access to it)
curl -H "User-Agent: ..." "https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate"
I hope this gives you a good starting point. Please let me know if this helps or if you need more ideas.
Edit#2: After comments where added from the author:
cUrl does indeed return an error : error 35 and the error message is as follows:
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
In this case I would guess that your system is outdated and does not support the SSL ciphers from paypal. You could try to force a specific TLS version. As of today paypal webservers support only TLS1.2 or TLS1.3. This is how you can force it:
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
or
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3);
Additionaly @Preston PHX mentioned in a comment a good refernces for this issue coming from paypal:
- https://github.com/paypal/TLS-update#php
- https://developer.paypal.com/docs/api/info-security-guidelines/
来源:https://stackoverflow.com/questions/60266609/curl-php-empty-response-from-paypal-ipn-url