I am working on the paypal ipn script in one of my applications hosted on a Digital Ocean's box with Centos 7.
When i try to connect to the paypal sandbox api i get the error "Cannot connect: SSL is disabled."
I have tried several things like adding the path of the curl.cainfo in my php.ini file like socurl.cainfo = /etc/pki/tls/certs/ca-bundle.trust.crt
this is what my cURL script looks like
// STEP 2: Post IPN data back to paypal to validate
$ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr'); // change to [...]sandbox.paypal[...] when using sandbox to test
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'ecdhe_rsa_aes_128_gcm_sha_256');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
I have not got much experience with Linux server setup so I am learning as i go along. Any help or guide is much appreciated
UPDATE : when i run the this command in the command line curl --version https://sandbox.paypal.com/cgi-bin/webscr
i get this error curl: (1) Protocol "https" not supported or disabled in libcurl
Also the command curl --version displays curl 7.42.1 (x86_64-unknown-linux-gnu) libcurl/7.46.0
So i am guessing the new question would be how to enable https in libcurl?
I was able to solve this problem with the help of one my friends with a lot of Linux experience. Apparently this was an issue with the version of cURL installed on my Digital Ocean box.
So the solution was to remove the version of cURL i had installed which was not installed correctly because i had built the binaries my self.
I installed the problematic cURL using these commands
wget -O curl.tar.gz http://curl.haxx.se/download/curl-7.42.0.tar.gz
tar -xvzf curl.tar.gz
cd curl-7.42.0
./configure
make
make install
I removed the problematic cURL that had https issues like this
which curl
(To tell me where the executable was located and it was located in usr/local/bin/curl)
Then i did
sudo rm -f /usr/local/bin/curl
(To remove the cURL giving issues)
Then i used the command
sudo yum install curl php5-curl
This installed cURL correctly for me. The i ran
curl --version
To confirm that https is now supported in the cURL version and it was.
I logged out of my droplet and logged back in. Then tried the
curl --version "https://sandbox.paypal.com/cgi-bin/webscr"
command and everything worked. I was able to connect to Paypal.
Thanks to everyone for their help and comments.
I think you need to enable fopen socket.You can ask hosting provider
I would only expect to see Protocol "https" not supported or disabled in libcurl if this were running a libcurl not installed from rpm - or if whoever configured the machine deliberately broke it for a valid reason, or was very incompetent; the Centos 7 rpm for libcurl has openSSL as a requirement.
Understanding what happened here and remediation will require root access to the target host to install software. You didn't say what access you have on the target system, and you are presumably paying Digital Ocean for support. Unless you broke it yourself, you should be asking Digital Ocean to fix it.
You're setting the wrong SSL version:
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
The Paypal sandbox only supports TLS 1.2 (which is CURLOPT_SSLVERSION == 6). The correct SSL version will be used automatically if you use PHP 5.5.19+ and OpenSSL 1.0.1+, or you can force it yourself with the following (still requires OpenSSL 1.0.1+):
curl_setopt($ch, CURLOPT_SSLVERSION, 6);