суббота, 19 марта 2016 г.

tlstest.paypal.com cURL error

При попытке подключения к tlstest.paypal.com появляется ошибка:
# php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch));'
bool(false)

# curl -v https://tlstest.paypal.com/
* About to connect() to tlstest.paypal.com port 443 (#0)
*   Trying 23.77.253.128... connected
* Connected to tlstest.paypal.com (23.77.253.128) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

Такая ошибка может появляться, если на сервере отключена уязвимая SSLv3.
В таком случаем можно коннектиться по безопасному TLSv1:
# curl -v https://tlstest.paypal.com/ --tlsv1
* About to connect() to tlstest.paypal.com port 443 (#0)
*   Trying 23.77.253.128... connected
* Connected to tlstest.paypal.com (23.77.253.128) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate:
* subject: CN=tlstest.paypal.com,OU=CDN Support,O="PayPal, Inc.",STREET=2211 N 1st St,L=San Jose,ST=California,postalCode=95131-2021,C=US,serialNumber=3014267,businessCategory=Private Organization,incorporationState=Delaware,incorporationCountry=US
* start date: Nov 06 00:00:00 2015 GMT
* expire date: Oct 26 23:59:59 2017 GMT
* common name: tlstest.paypal.com
* issuer: CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: tlstest.paypal.com
> Accept: */*

< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 20
< Date: Sat, 19 Mar 2016 10:26:09 GMT
< Connection: keep-alive

* Connection #0 to host tlstest.paypal.com left intact
* Closing connection #0

# php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, "1" ); var_dump(curl_exec($ch));'
PayPal_Connection_OK
bool(true)

Комментариев нет: