I am trying to setup Instant Payment Notifications in paypal and am having trouble with POSTing back to tls://www.sandbox.paypal.com during the verification phase.
I am using the code found here: https://developer.paypal.com/docs/classic/ipn/gs_IPN/
Yet, when I try to connect I am receiving these errors:
PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in /htdocs/test.php
fsockopen(): Failed to enable crypto in /htdocs/test.php
I have read the info here and it seems that I am trying to connect using the wrong protocol or I have the wrong cert installed. My OpenSSL is version 1.0.1e.
Unfortunately, I have no idea how to debug this or install the correct cert if necessary
You don't need to install an SSL certificate. It's just that the software stack on your server needs to be updated.
Check this guide on the POODLE Vulnerability for more details.
Related
Symfony is throwing error when I try to send email. Apparently there is ssl certificate verification failure. The project is running on linux nginx server.
The .env file has following configuration.
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login
Error log
app.ERROR: Could not send mail: Failed sending mail to following
recipients: {{ recipients }} with Error: Connection could not be
established with host "ssl://mail.ourserver.de :465":
stream_socket_client(): SSL operation failed with code 1. OpenSSL
Error messages: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Error Code:0
Do I need to get ssl certificate for the domain in this case "mail.ourserver.de" and add cert and key in linux openssl configuration?
A hack to make it work! I have found it in stackoverflow answers, but not sure if it's a good practice and does that make the ssl connection vulnerable to attack?
verify_peer=false parameter
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login&verify_peer=false
If i disable verify_peer option, it does work, but Is ssl verification taking place when peer verification is set to false or it's being completely disabled?
It's failing to verify your server's certificate. There's a guide for checking and updating certificates here. (it's for PHPMailer but the parts regarding certificates are still relevant)
If you did not add a SSL certificate yourself, but use SSL, you probably have an autogenerated, self signed certificate in place.
Yes, you should assign a domain name to the server and get some valid, trusted SSL certificate for it. You can use the free LetsEncrypt service. The details depend on the mail server software.
Is there any way to create PHP SoapServer with local secure WSDL URL using self-signed SSL certificate? Following code:
$soapServer = new SoapServer("https://mysite.local/my-document?wsdl");
throws always exception:
SoapServer::SoapServer(): SSL operation failed with code 1. OpenSSL
Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
(/var/www/app/modules/generators/components/WsSoap.php:110)
I could not find anything on how to turn off SSL validation for SoapServer.
Most of issues are related to SoapClient, which is not the case.
I also want to avoid installing any ca.pem local files with valid certificates, because it would be difficult on many servers, just need to create SoapServer for one-time unit testing, don't care about valid/invalid local domain. Using PHP 7.0.19. Thank you.
For some reason, when I try to connect to paypal sandbox API and do SetExpressCheckout using my XAMPP server it fails.
I turned error reporting on and this is the message I get:
Warning: file_get_contents(https://api-3t.sandbox.paypal.com/nvp/): failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden
I've done some tests and it just does not make sense:
I can connect to the live API with correct credentials.
I can connect to the live API with incorrect credentials.
I cannot connect to the sandbox API with correct or incorrect credentials.
I can connect to live API and sandbox API using web browser using correct or incorrect credentials.
If I put in an invalid website name, it gives me a different warning (below).
Warning:
Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: No such host is known.
So why is it that when I connect to https://api-3t.sandbox.paypal.com/nvp/ using my local server there is no response? I have not changed the code and it still works with Paypal live so what's going on here suddenly?
From March 25 PayPal doesn't support HTTP/1.0, see details here. You can find helpfull this post
Sometimes my script, that sends push notifications crashes with error:
Warning: stream_socket_client() [function.stream-socket-client]: SSL
operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure
And sometimes everything is ok. I think this is not connected with certs or code. Cause I'm sending the same messages to the same devices and use the same algorithm. Any ideas ?
Regarding your question in the title - no, there's no guarantee that notifications will arrive.
I recently downloaded and installed "PHP for Android." I created a .php file that utilizes an SSL connection with port 2195. I followed a guide for writing a php server that sends push notifications to Apple's APNS, and SUCCESSfully ran it on my Mac. When I put both the .php and the .pem onto my Android phone in the same folder and tried to run it with the same WIFI connection, I get the following error message:
Error:14094410:SSL routines:func(148):reason(1040) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): Failed to enable crypto in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Does anyone have any ideas of how I can fix this?
THANKS!
I had the SSL error on my Windows desktop, with a PHP script that accessed a HTTPS resource.
The solution was to enable the openssl extension. So maybe it's the same kind of problem you have here, something related to opensll on Php for Android.
I'm not sure how to fix it, but Google has it's own push notification framework. There is an example here: http://code.google.com/android/c2dm/
Edit to Answer:
I think that most likely the problem has to do with the certificates needed to make the call over SSL. It is possible that the PHP for Android app does not have permissions to access security certificates you need.