$ch = curl_init();
$clientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.":".$secret);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
这段代码在本地主机上可以工作,但是当我在我的实际服务器上测试时,它会给我一个错误:Error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure 然后我尝试了这个。
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
var_dump(curl_exec($ch));
if ($err = curl_error($ch)) {
var_dump($err);
echo "DEBUG INFORMATION:\n###########";
echo "CURL VERSION";
echo json_encode(curl_version(), JSON_PRETTY_PRINT);
}?>
这句话的意思是:“github.com/paypal/TLS-update/tree/master/php 这个在本地主机上可以正常运行,在线上环境上会出现问题。”
error bool(false)
string(67) "Unknown SSL protocol error in connection to tlstest.paypal.com:443 "
DEBUG INFORMATION:
###########CURL VERSION
我的服务器拥有这些证书:
服务器密钥和证书#1
Subject *.secure.xxxxxxxx.com
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: S4/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Common names *.secure.xxxxxxxx.com MISMATCH
Alternative names *.secure.xxxxxxx.com
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Symantec Class 3 Secure Server CA - G4
AIA: xxxxxxx/ss.crt
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information CRL, OCSP
CRL: xxxxxx/ss.crl
OCSP: xxxxxxxxx
Revocation status Good (not revoked)
Trusted No NOT TRUSTED (Why?)
#2
Subject Symantec Class 3 Secure Server CA - G4
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key RSA 2048 bits (e 65537)
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithm SHA256withRSA
#3
Subject VeriSign Class 3 Public Primary Certification Authority - G5
Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key RSA 2048 bits (e 65537)
Issuer VeriSign, Inc. / Class 3 Public Primary Certification Authority
Signature algorithm SHA1withRSA WEAK
**Protocols**
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No