SSL error for PayPal

Morning Mike;

I’ve redownloaded the woocommerce.php and class-wp-https.php files and modified the https one to read:

public static function http_api_curl( $handle, $r, $url ) {
		if ( strstr( $url, 'https://' ) && ( strstr( $url, '.paypal.com/nvp' ) || strstr( $url, '.paypal.com/cgi-bin/webscr' ) ) ) {
			curl_setopt( $handle, CURLOPT_SSLVERSION, 6 );
		}
	}

As outlined by you.

I performed another test transaction but it still fails. My server is using PHP 5.5 – could this be an issue? Here is my latest log:

04-19-2016 @ 10:35:33 - Generating payment form for order 4061. Notify URL: https://richardrosenman.com/wc-api/WC_Gateway_Paypal/
04-19-2016 @ 10:35:55 - Checking IPN response is valid
04-19-2016 @ 10:35:55 - IPN Request: Array
(
    [body] => Array
        (
            [cmd] => _notify-validate
            [mc_gross] => 29.99
            [invoice] => WC-4061
            [protection_eligibility] => Ineligible
            [item_number1] => 09442738
            [payer_id] => PHH9S5XRFKS2L
            [tax] => 0.00
            [payment_date] => 07:35:50 Apr 19, 2016 PDT
            [payment_status] => Pending
            [charset] => windows-1252
            [mc_shipping] => 0.00
            [mc_handling] => 0.00
            [first_name] => ******
            [notify_version] => 3.8
            [custom] => {"order_id":4061,"order_key":"wc_order_57164235e4f14"}
            [payer_status] => verified
            [num_cart_items] => 1
            [mc_handling1] => 0.00
            [verify_sign] => Ae-XDUZhrxwaCSsmGO9JpO33K7P1ATxPUryculJjoz1DfrbiPKpMz8pE
            [payer_email] => ******
            [mc_shipping1] => 0.00
            [tax1] => 0.00
            [txn_id] => 9MT84202LD414310S
            [payment_type] => instant
            [last_name] => ******
            [item_name1] => Product
            [receiver_email] => ******
            [quantity1] => 1
            [pending_reason] => unilateral
            [txn_type] => cart
            [mc_gross_1] => 29.99
            [mc_currency] => USD
            [residence_country] => US
            [test_ipn] => 1
            [transaction_subject] =>
            [payment_gross] => 29.99
            [ipn_track_id] => 4e1c2480af0dc
        )

    [timeout] => 60
    [httpversion] => 1.1
    [compress] =>
    [decompress] =>
    [user-agent] => WooCommerce/2.5.5
)

04-19-2016 @ 10:35:55 - IPN Response: WP_Error Object
(
    [errors] => Array
        (
            [http_request_failed] => Array
                (
                    [0] => The SSL certificate for the host could not be verified.
                )

        )

    [error_data] => Array
        (
        )

)

04-19-2016 @ 10:35:55 - Received invalid response from PayPal
04-19-2016 @ 10:35:55 - Error response: The SSL certificate for the host could not be verified.
04-19-2016 @ 10:36:09 - Checking IPN response is valid
04-19-2016 @ 10:36:09 - IPN Request: Array
(
    [body] => Array
        (
            [cmd] => _notify-validate
            [mc_gross] => 29.99
            [invoice] => WC-4061
            [protection_eligibility] => Ineligible
            [item_number1] => 09442738
            [payer_id] => PHH9S5XRFKS2L
            [tax] => 0.00
            [payment_date] => 07:35:50 Apr 19, 2016 PDT
            [payment_status] => Pending
            [charset] => windows-1252
            [mc_shipping] => 0.00
            [mc_handling] => 0.00
            [first_name] => ******
            [notify_version] => 3.8
            [custom] => {"order_id":4061,"order_key":"wc_order_57164235e4f14"}
            [payer_status] => verified
            [num_cart_items] => 1
            [mc_handling1] => 0.00
            [verify_sign] => Ae-XDUZhrxwaCSsmGO9JpO33K7P1ATxPUryculJjoz1DfrbiPKpMz8pE
            [payer_email] => ******
            [mc_shipping1] => 0.00
            [tax1] => 0.00
            [txn_id] => 9MT84202LD414310S
            [payment_type] => instant
            [last_name] => ******
            [item_name1] => Product
            [receiver_email] => ******
            [quantity1] => 1
            [pending_reason] => unilateral
            [txn_type] => cart
            [mc_gross_1] => 29.99
            [mc_currency] => USD
            [residence_country] => US
            [test_ipn] => 1
            [transaction_subject] =>
            [payment_gross] => 29.99
            [ipn_track_id] => 4e1c2480af0dc
        )

    [timeout] => 60
    [httpversion] => 1.1
    [compress] =>
    [decompress] =>
    [user-agent] => WooCommerce/2.5.5
)

04-19-2016 @ 10:36:09 - IPN Response: WP_Error Object
(
    [errors] => Array
        (
            [http_request_failed] => Array
                (
                    [0] => The SSL certificate for the host could not be verified.
                )

        )

    [error_data] => Array
        (
        )

)

04-19-2016 @ 10:36:09 - Received invalid response from PayPal
04-19-2016 @ 10:36:09 - Error response: The SSL certificate for the host could not be verified.

Thank you for your patience and don’t give up on me! I’m sure we’ll get there soon…

-Richard

What version of openSSL does your server have?

I just called them – 1and1. I have a managed dedicated server.

They said I do not have OpenSSL running because I do not have an SSL certificate. They said if I purchase an SSL certificate, the version will be TLS 2.0 with SHA2.

I thought I didn’t need an SSL certificate? Wasn’t that what you said?

-Richard

You don’t. OpenSSL is a PHP Module – pretty standard. https://php.net/manual/en/book.openssl.php

Hi Mike – glad you pointed that out for me. I called them back and another agent gave me the following info:

As requested below is the version of openssl running on your server:
OpenSSL 0.9.8o 01 Jun 2010

Not sure why the first guy gave me wrong information. I hope this will help get to the bottom of my issue?

Regards,
-Richard

Yikes. 2010! You should get that updated. I think that version is also vulnerable to some attacks – https://www.tinfoilsecurity.com/blog/how-to-fix-poodle-and-why-you-are-probably-still-vulnerable

Hi Mike;

I spoke to them again and have also provided them with your feedback. Although OpenSSL version can be changed using root access, I cannot use root access because I am on a managed server. Therefore, that is the version that is provided to me.

Is this a showstopper? Are you certain this is this the root of the problem?

Can WooCommerce still work with this version? I use 1and1 and they are HUGE. I imagine I am not they’re only client using WooCommerce.

What can we do from here to get this working. I really, really can’t afford anymore downtime.

Please let me know,
-Richard

I’m not the server expert, but regardless of whether it could work, running 6 year old vulnerable modules is not a great idea by any means. Since your issues stem from certificate errors, it would be a good place to start.

Hey Mike,

Just wanted to let you know that Setting the CURL option to 6 as suggested by you resolved the problem for me.

2 very quick follow up questions.

1) do we have to worry about future updates overwriting this edit that i made to the plugin files?

2) There are a couple of difference between the the old version of the file and the new one you recommended. Specifically the URL match is different. I just wanted to double check that everything is ok as it is implemented?

NEW VERSION:

public static function http_api_curl( $handle, $r, $url ) {
if ( strstr( $url, ‘https://’ ) && ( strstr( $url, ‘.paypal.com/nvp’ ) || strstr( $url, ‘.paypal.com/cgi-bin/webscr’ ) ) ) {
– curl_setopt( $handle, CURLOPT_SSLVERSION, 1 );
+ curl_setopt( $handle, CURLOPT_SSLVERSION, 6 );

OLD VERSION

public static function http_api_curl( $handle, $r, $url ) {

if ( strstr( $url, ‘https://’ ) && strstr( $url, ‘.paypal.com’ ) && defined( ‘CURL_SSLVERSION_TLSv1’ ) ) {

curl_setopt( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1 );

Thanks very much for finding the solution Mike

Core will be updated with this change so leave it to us.

Hi Mike,
Is there anything new that I can try. I’m still experiencing the same problem. With PayPal. The transaction in sandbox mode appears to be completing, but canceling out on the backend of website. My biggest problem is that I’m trying to use WPcourseware, which doesn’t work as “sold” because it’s designed to work with woocommerce.

Thanks

Wendy

@wendy

After paying for support, I found out my issue was because my host, 1and1, has not yet upgraded their TLS to 1.2. This explains why my sandbox transactions fail (PayPal has implemented it in their sandbox) but my live transactions till work (PayPal haven’t yet implemented TLS 1.2 in their live site – this will happen in late June).

I called my host and they said they plan to do the upgrade before PayPal’s deadline. I just wish I could have figured this out before paying for the support I had to.

I hope this helps you, Wendy.

-Richard

Richard & Mike,
Thank you. This piece of code seems to have to have completely fixed my issue!

public static function http_api_curl( $handle, $r, $url ) {
		if ( strstr( $url, 'https://' ) && ( strstr( $url, '.paypal.com/nvp' ) || strstr( $url, '.paypal.com/cgi-bin/webscr' ) ) ) {
			curl_setopt( $handle, CURLOPT_SSLVERSION, 6 );
		}
	}

So relieved!

Thanks again!

@ Rich95 Yeah my problem is the same with Hostgator. At least 1and1 said that they’ll do the update. Hostgator said they are not doing it!!! So we’ll see how it all unfold. I might need to change my host!
Thanks Richard.
Wendy

Mike,

I have updated my PHP to latest, TLS to 1.2 and openssl 1.0 + but still got SSL error as recommended by paypal but it was not working….

This code below fixed the issue.

https://github.com/woothemes/woocommerce/pull/10639/files#diff-756119b732dafd5bfcea0f7bb32fd481R126

Thanks
Fahad