Curl / php Empty response from PayPal IPN url

人盡茶涼 提交于 2020-05-15 21:46:09

问题


In the past couple of days, our PayPal IPN has stopped working and receiving a empty response from PayPal. Nothing has changed on the server or in our code.

Attempting to cUrl to the PayPal IPN url simply returns an empty response.

$url = "https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13');

$data = curl_exec($ch);
curl_close($ch);

print $data;

The above should return "INVALID" and works as expected on my localhost and from other servers. Changing the url to any other domain other then PayPal also works without issues.

So it seems it only received the empty response from paypal.com

I wonder if any one has run into the issue or could give pointers where to look in the hope to- resolve it?

Kind Regards Musaffar


回答1:


It looks like Paypal made some security changes at the weekend. Some oscommerce users have been getting similar symptoms since Sunday with the curl error turning out to be:

SSL certificate problem: unable to get local issuer certificate

In their cases it was due to the local certificate copy only having the Paypal certificate and not the root or intermediate certificates, with the solution to update it.

The working certificate can be found in: OSCOM Phoenix github




回答2:


I would perhaps start checking if curl gave you any errors. PHP gives you in this case curl_errno($ch) and curl_error($ch) which will return a message or respectively the error code to it.

In case there is nothing suspicious to it. I would perhaps try to validate if you're able to run the above from your CLI on the server. (requires SSH access to it)

curl -H "User-Agent: ..." "https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate"

I hope this gives you a good starting point. Please let me know if this helps or if you need more ideas.

Edit#2: After comments where added from the author:

cUrl does indeed return an error : error 35 and the error message is as follows:

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

In this case I would guess that your system is outdated and does not support the SSL ciphers from paypal. You could try to force a specific TLS version. As of today paypal webservers support only TLS1.2 or TLS1.3. This is how you can force it:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);

or

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3);

Additionaly @Preston PHX mentioned in a comment a good refernces for this issue coming from paypal:

  • https://github.com/paypal/TLS-update#php
  • https://developer.paypal.com/docs/api/info-security-guidelines/


来源:https://stackoverflow.com/questions/60266609/curl-php-empty-response-from-paypal-ipn-url

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!