I am working on the paypal ipn script in one of my applications hosted on a Digital Ocean's box with Centos 7.
When i try to connect to the paypal sandbox api i get the error "Cannot connect: SSL is disabled."
I have tried several things like adding the path of the curl.cainfo in my php.ini file like so
curl.cainfo = /etc/pki/tls/certs/ca-bundle.trust.crt
this is what my cURL script looks like
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
I have not got much experience with Linux server setup so I am learning as i go along.
Any help or guide is much appreciated
UPDATE : when i run the this command in the command line
curl --version https://sandbox.paypal.com/cgi-bin/webscr
i get this error
curl: (1) Protocol "https" not supported or disabled in libcurl
Also the command curl --version
displays curl 7.42.1 (x86_64-unknown-linux-gnu) libcurl/7.46.0
So i am guessing the new question would be how to enable https in libcurl?
You're setting the wrong SSL version:
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
The Paypal sandbox only supports TLS 1.2 (which is CURLOPT_SSLVERSION == 6). The correct SSL version will be used automatically if you use PHP 5.5.19+ and OpenSSL 1.0.1+, or you can force it yourself with the following (still requires OpenSSL 1.0.1+):
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
I would only expect to see Protocol "https" not supported or disabled in libcurl if this were running a libcurl not installed from rpm - or if whoever configured the machine deliberately broke it for a valid reason, or was very incompetent; the Centos 7 rpm for libcurl has openSSL as a requirement.
Understanding what happened here and remediation will require root access to the target host to install software. You didn't say what access you have on the target system, and you are presumably paying Digital Ocean for support. Unless you broke it yourself, you should be asking Digital Ocean to fix it.
I was able to solve this problem with the help of one my friends with a lot of Linux experience. Apparently this was an issue with the version of cURL installed on my Digital Ocean box.
So the solution was to remove the version of cURL i had installed which was not installed correctly because i had built the binaries my self.
I installed the problematic cURL using these commands
wget -O curl.tar.gz http://curl.haxx.se/download/curl-7.42.0.tar.gz
tar -xvzf curl.tar.gz
cd curl-7.42.0
./configure
make
make install
I removed the problematic cURL that had https issues like this
which curl
(To tell me where the executable was located and it was located in usr/local/bin/curl)
Then i did
sudo rm -f /usr/local/bin/curl
(To remove the cURL giving issues)
Then i used the command
sudo yum install curl php5-curl
This installed cURL correctly for me. The i ran
curl --version
To confirm that https is now supported in the cURL version and it was.
I logged out of my droplet and logged back in. Then tried the
curl --version "https://sandbox.paypal.com/cgi-bin/webscr"
command and everything worked. I was able to connect to Paypal.
Thanks to everyone for their help and comments.
I think you need to enable fopen socket.You can ask hosting provider
Related
This is my first crack at UPS tracking and I am getting absolutely nothing. I see 200 in the network tab, but that is from my server, serving up the page.
Do you see anything wrong with the following code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// UPS SHIP ORDER TRACKING
$xmlRequest1='<?xml version="1.0"?>
<AccessRequest xml:lang="en-US">
<AccessLicenseNumber>my access key</AccessLicenseNumber>
<UserId>my user id</UserId>
<Password>my password</Password>
</AccessRequest>
<?xml version="1.0"?>
<TrackRequest xml:lang="en-US">
<Request>
<TransactionReference>
<CustomerContext>Your Test Case Summary
Description</CustomerContext>
<XpciVersion>1.0</XpciVersion>
</TransactionReference>
<RequestAction>Track</RequestAction>
<RequestOption>activity</RequestOption>
</Request>
<TrackingNumber>1Z12345E0205271688</TrackingNumber>
</TrackRequest>';
try
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://wwwcie.ups.com/ups.app/xml/Track");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlRequest1);
curl_setopt($ch, CURLOPT_TIMEOUT, 3600);
echo $xmlResponse = curl_exec ($ch); // TRACKING RESPONSE
}
catch(Exception $ex)
{
print_r("Exception: " . $ex);
}
Whether I serve it in http or if go command line php post_track_ups_2.php, there is nothing being printed or echoing. Shouldn't I see something?
There is a 404 for the favicon, but that's nothing. This should work! Shouldn't there be an exception thrown at least? Something!
The tracking number is from UPS documentation page 7 "Tracking Web Service Developer Guide"
Thanks in advance
As with all the comments, you can see that the issue had to do with not using the latest openssl, which has tsl 1.2 that UPS and others look for to have secure cURL post & respond.
Just in case anyone else goes through this, here are the steps that I took to make my mac os 10.10 working in compliance.
First, I downloaded the latest openssl from openssl.org and installed - you can google for better instructions than I could give, but basically make sure your brew is up to date and use it to install.
That will get the latest openssl on CLI (command line interface), but it will not work with apache/php web browser. I discovered this by making a phpInfo() page and, to my shock, it still read 0.9.8zf
After a lot of reading, this is what I did:
cd into the openssl directory that you expanded after download
Your paths maybe different than mine, so adjust accordingly:
cd /Users/<home directory>/Downloads/openssl-1.0.2q
./Configure darwin64-x86_64-cc -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make
make test
make install
brew install php --with-apache --with-homebrew-curl --with-homebrew-libxslt --with-homebrew-openssl --without-snmp
set path - /usr/local/Cellar/php56/5.6.9/bin/php in httpd-ssl.conf
also export /usr/local/Cellar/php56/5.6.9/bin/php in ~/.bash_profile
source ~/.bash_profile
insert the following line into httpd.conf
LoadModule php5_module /usr/local/Cellar/php56/5.6.9/libexec/apache2/libphp5.so
sudo apachectl restart
Thanks to all who commented. One thing lead to another to get to this point and I thank you all.
I'm trying to fetch the contents of a page using CURL. The page that is doing the fetching is https and the page it is trying to fetch is also https. I'm getting an error "Couldn't resolve host" with all of the settings I try.
$c=curl_init();
curl_setopt($c, CURLOPT_URL,$url);
//curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:x.x.x) Gecko/20041107 Firefox/x.x");
curl_setopt ($c, CURLOPT_RETURNTRANSFER, TRUE);
//curl_setopt($c, CURLOPT_SSL_VERIFYPEER, TRUE);
//curl_setopt($c, CURLOPT_SSL_VERIFYHOST, TRUE);
curl_setopt($c, CURLOPT_HEADER, FALSE);
$html=curl_exec($c);
if($html === false) {
echo curl_error($c);
}
else {
echo 'Operation completed without any errors';
}
curl_close($c);
Any ideas?
I found that curl can decide to use IPv6, in which case it tries to resolve but doesn't get an IPv6 answer (or something to that effect) and times out.
You can try the curl command line switch -4 to test this out:
curl -4 http://x.com
In PHP, you can configure this line by setting this:
curl_setopt($c, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
Official manual page for this option: https://curl.se/libcurl/c/CURLOPT_IPRESOLVE.html
Maybe a DNS issue?
Try your URL against this code:
$_h = curl_init();
curl_setopt($_h, CURLOPT_HEADER, 1);
curl_setopt($_h, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($_h, CURLOPT_HTTPGET, 1);
curl_setopt($_h, CURLOPT_URL, 'YOUR_URL' );
curl_setopt($_h, CURLOPT_DNS_USE_GLOBAL_CACHE, false );
curl_setopt($_h, CURLOPT_DNS_CACHE_TIMEOUT, 2 );
var_dump(curl_exec($_h));
var_dump(curl_getinfo($_h));
var_dump(curl_error($_h));
I had the same problem. Coudn't resolve google.com. There was a bug somewhere in php fpm, which i am using. Restarting php-fpm solved it for me.
Just a note which may be helpful- I was having this trouble with Apache on my laptop (which connects by wifi AFTER startup), and restarting the server (after connect) fixed the issue. I guess in my case this may be to do with apache starting offline and perhaps there noting that DNS lookups fail?
There is a current bug in glibc on Ubuntu which can have this effect:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1674733
To resolve it, update libc and all related (Packages that will be upgraded: libc-bin libc-dev-bin libc6 libc6-dev libfreetype6 libfreetype6-dev locales multiarch-support) and restart the server.
We need to add host security certificate to php.ini file. For local developement enviroment we can add cacert.pem in your local php.ini.
do phpinfo(); and file your php.ini path open and add uncomment ;curl.capath
curl.capath=path_of_your_cacert.pem
If you do it on Windows XAMPP/WAMP it probaly won't work as in my case.
I solved the problem setting up Laravel's Homestead/Vagrant solution to create my (Ubuntu) development environment - it has built-in: Nginx, PHP 5.6, PHP 7.3, PHP 7.2, PHP 7.1, MySQL, PostgreSQL, Redis, Memcached, Node... to name just a few.
See here for info how to set up the environment - it's really worth the effort!
Laravel Homestead is an official, pre-packaged Vagrant box that provides you a wonderful development environment without requiring you to install PHP, a web server, and any other server software on your local machine. No more worrying about messing up your operating system! Vagrant boxes are completely disposable. If something goes wrong, you can destroy and re-create the box in minutes!
Then you can easily switch PHP versions or set up more virtual hosts, new databases just in seconds.
After tried all above, still can't resolved my issue yet.
But got new solution for my problem.
At server where you are going to make a request, there should be a entry of your virtual host.
sudo vim /etc/hosts
and insert
192.xxx.x.xx www.domain.com
The reason if you are making request from server to itself then, to resolve your virtual host or to identify it, server would need above stuff, otherwise server won't understand your requesting(origin) host.
Your getting the error because you're probably doing it on your Local server environment. You need to skip the certificates check when the cURL call is made. For that just add the following options
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
You may have to enable the HTTPS part:
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
And if you need to verify (authenticate yourself) you may need this too:
curl_setopt($c, CURLOPT_USERPWD, 'username:password');
add yourlocalhost
ex. 127.0.0.1 cards.localhost
in the /etc/hosts directory.
Now restart apache server
I tried to downlaod and install Symfony on a server at my company...
c:\> php -r "readfile('http://symfony.com/installer');" > symfony
..and got the following error (partly German, but you'll get the idea):
PHP Warning: readfile(http://symfony.com/installer): failed to open stream: Es konnte keine Verbindung hergestellt werd en, da der Zielcomputer die Verbindung verweigerte.
in Command line code on line 1
So I downloaded it manually over the browser (which worked fine) and tried to create a new site:
php symfony.phar new blog
Now I got this error:
[RuntimeException]
There was an error downloading Symfony from symfony.com server:
Client error response [url] http://symfony.com/download?v=Symfony_Standard_Vendors_latest.tgz [status code] 407 [re
ason phrase] Proxy Authentication Required
[GuzzleHttp\Exception\ClientException]
Client error response [url] http://symfony.com/download?v=Symfony_Standard_Vendors_latest.tgz [status code] 407 [re
ason phrase] Proxy Authentication Required
So I did a step back to see if I can do a cURL request in a PHP script. I used the following script to try it (my company is using a proxy server with NTLM authentication):
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.google.com');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXY, 'proxy.company.loc');
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
echo curl_exec($ch);
curl_close($ch);
And it worked fine.
What do I have to do to be able to install and use Symfony. Where do I define the proxy, the credentials and the NTLM method? I tried adding HTTP_PROXY in the env vars as "http://user:password#proxy.company.loc:8080", but that didn't help (maybe I also have to add the auth type NTLM somewhere).
The server is a Windows Server 2012 R2. PHP version is 5.6.5 and Apache is on 2.4.12.
Thanks for any help and sorry for any grammar errors!
I will describe solution which I use myself.
Download cntlm-0.92.3-setup.exe and install it (it will set up system service).
Configure cntlm.ini (C:\Program Files (x86)\Cntlm\cntlm.ini) - proxy address, no proxy, domain account etc.
Restart Cntlm Authentication Proxy service.
Set http_proxy/https_proxy to http://localhost:3128 (system wide method)
Try symfony installer now
Sometimes it could be a little bit slow but it works. I use this solution for all console apps that do not support integration with system wide proxy. Cntlm also works on unix based OS.
Hope that's help.
i am using Repo script by command:
curl https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
but after that i get an error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
i read some solutions to fix this problem and i got that adding the following line:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
but i want to know that which is the file can i add this line? Please help me! Thanks in advance!
You would add VERIFYPEER in a PHP file when making the cURL call e.g.
<?php
// create curl resource
$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, "example.com");
//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// set verifypeer to false
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// $output contains the output string
$output = curl_exec($ch);
// close curl resource to free up system resources
curl_close($ch);
?>
As you are running curl from command line verifypeer will not work, you would need to use --insecure
curl --insecure https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
A better solution would be to try and make sure you have SSL certificate bundles installed. E.g. on CentOS:
yum install ca-certificates
If that doesn't work you can download and include the bundle manually from http://curl.haxx.se/ca/cacert.pem or https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
curl_setopt($ch, CURLOPT_CAPATH, 'ca-bundle.crt');
or via command line
curl --cacert /path/to/ca-bundle.crt https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
You can use the curl shell command with the --insecure option:
curl --insecure https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
From the curl man page:
-k/--insecure
(SSL) This option explicitly allows curl to perform "insecure"
SSL connections and transfers. [...]
Maybe your network connenction to git server was blocked!!!
I recently moved a cURL script from one server (Ubuntu) to another (Mac OS X). The script worked when run from the Ubuntu server but it doesn't work on the OS X server. I get error 35 and this:
error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter
Any ideas?
Edit: Here's what's probably a really good clue. This doesn't work:
curl -v https://foo.com/OA_HTML/RF.jsp?function_id=123
But this does:
curl -v -sslv3 https://foo.com/OA_HTML/RF.jsp?function_id=123
Now I just need to know how to do the equivalent of the second command from within PHP.
Could be some php.ini setting or apache follow or openbasedir setting !
I know I'm late but the equivalent of
curl -v -sslv3 https://foo.com/OA_HTML/RF.jsp?function_id=123
is
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSLVERSION, 3); //set to force SSL3
curl_setopt($ch, CURLOPT_URL, "https://foo.com/OA_HTML/RF.jsp?function_id=123");
$result = curl_exec ($ch); //execute the request
Most of the time CURL over SSL uses OpenSSL, more than likely either CURL or OpenSSL is not installed or enabled on the new server. Save a file on the server with:
<?php phpinfo(); ?>
and check if these are enabled
ADD
Either that or your SSL Certificates where not created on the machine you are trying to use them on. Each SSL certificate has specific information about each machine (if received from an online vendor)