PHP - PayPal IPN Listener - SSL Certificate Handshake Failure
Running PHP 5.3.28, curl 7.30.0 (OpenSSL/0.9.8y & libssh2/1.4.2) on Windows Server 2008 R2 using IIS.
I'm creating an IPN listener for PayPal Instant Payment Notifications using the sandbox environment, but no matter what I do I get SSL certificate errors like:
error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
Here is my code (where $fields is the correct fields to post back):

    $ch = curl_init();
    // PayPal sandbox endpoint that the IPN fields are posted back to
    curl_setopt($ch, CURLOPT_URL, 'https://www.sandbox.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    if ($result = curl_exec($ch)) {
        echo 'result = '.$result.'<br>';
    } else {
        // curl_exec() returned false: show the curl error number and message
        echo 'result = '.$result.'<br>';
        echo 'errno = '.curl_errno($ch).'<br>';
        echo 'error = '.curl_error($ch).'<br>';
    }
    curl_close($ch);

So, I understand the PayPal server requires TLS 1.2 and does not support SSL 2/3, but I can't seem to get the POST request to work. I've tried:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

...and I get the same error. I've tried:

    curl_setopt($ch, CURLOPT_SSLVERSION, $n); // $n = 0 to 6, see the results below

...which gets these results:
- [default] = 35 error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
- 0 CURL_SSLVERSION_DEFAULT = 35 error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
- 1 CURL_SSLVERSION_TLSv1 = 35 error:14094410:ssl routines:ssl3_read_bytes:sslv3 alert handshake failure
- 2 CURL_SSLVERSION_SSLv2 = 4 openssl built without sslv2 support
- 3 CURL_SSLVERSION_SSLv3 = 35 error:14094410:ssl routines:ssl3_read_bytes:sslv3 alert handshake failure
- 4 CURL_SSLVERSION_TLSv1_0 = 35 error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
- 5 CURL_SSLVERSION_TLSv1_1 = 35 error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
- 6 CURL_SSLVERSION_TLSv1_2 = 35 error:14077410:ssl routines:ssl23_get_server_hello:sslv3 alert handshake failure
I read somewhere to try this:

    curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');

where cacert.pem was downloaded from http://curl.haxx.se/docs/caextract.html and placed in the same directory as the script. It doesn't make a difference.
Is my code correct..?
How do I make this work..?
I have it working now, here's how:
- Verify the certificate
- Upgrade to at least PHP 5.6.0 / OpenSSL 1.0.1
- Save and reference cacert.pem
1. Verify the certificate
Use curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); to verify the certificate.
2. Upgrade to at least PHP 5.6.0 / OpenSSL 1.0.1
Upgrade to at least PHP 5.6.0, which seems to bring along OpenSSL/1.0.1i. I think at least OpenSSL version 1.0.1 is required to support TLS 1.2, which PayPal requires.
3. Save and reference cacert.pem
Save cacert.pem from http://curl.haxx.se/docs/caextract.html locally (in my case c:\cert), and update the PHP ini you're using to reference cacert.pem as shown here. Using the ini file saves having to use curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem'); in every call.
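
A preflight check for the cause identified in the answer, as an added example that is not part of the original post: it reads the TLS library curl is linked against, refuses to post back when that is an OpenSSL older than 1.0.1, and otherwise posts with certificate verification on. The function names and the $caBundle parameter are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Pull the numeric OpenSSL version out of curl_version()['ssl_version'],
// e.g. "OpenSSL/0.9.8y" -> "0.9.8". The patch letter is dropped because
// version_compare() has no notion of OpenSSL's letter suffixes.
function curlOpenSslVersion($sslVersion)
{
    if (preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $sslVersion, $m)) {
        return $m[1];
    }
    return null; // another TLS backend: this check cannot judge it
}

// true/false for OpenSSL builds (TLS 1.2 needs 1.0.1 or later), null if unknown.
function curlCanDoTls12($sslVersion)
{
    $v = curlOpenSslVersion($sslVersion);
    return $v === null ? null : version_compare($v, '1.0.1', '>=');
}

function postBackToPayPal($fields, $caBundle)
{
    $info = curl_version();
    if (curlCanDoTls12($info['ssl_version']) === false) {
        throw new RuntimeException('curl is linked against ' . $info['ssl_version']
            . ', which cannot negotiate TLS 1.2; upgrade PHP/OpenSSL first');
    }
    $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // validate the certificate chain
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // and that it matches the host name
    curl_setopt($ch, CURLOPT_CAINFO, $caBundle);    // path to the saved cacert.pem
    $result = curl_exec($ch);
    if ($result === false) {
        $err = curl_errno($ch) . ' ' . curl_error($ch);
        curl_close($ch);
        throw new RuntimeException('PayPal post-back failed: ' . $err);
    }
    curl_close($ch);
    return $result;
}

// Constructed inputs: the version strings named in the question and the answer.
var_dump(curlCanDoTls12('OpenSSL/0.9.8y')); // the failing setup
var_dump(curlCanDoTls12('OpenSSL/1.0.1i')); // the working setup
```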