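Recently my company needed to integrate with PayPal, which requires connecting with the curl command over the TLS 1.2 protocol.
However, the default version on CentOS 6.x is curl 7.19.7, which cannot connect to PayPal.
A correct connection looks like this:
Quote: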
$ curl -v https://api.paypal.com
* Rebuilt URL to: https://api.paypal.com/
* Hostname was NOT found in DNS cache
* Trying 173.0.84.98...
* Connected to api.paypal.com (173.0.84.98) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
* Server certificate: api.paypal.com
* Server certificate: VeriSign Class 3 Secure Server CA - G3
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: api.paypal.com
> Accept: */*
The important bit is:
TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256
An incorrect connection looks like this:
Quote:
# curl -v https://api.paypal.com
* About to connect() to api.paypal.com port 443 (#0)
* Trying 173.0.92.23... connected
* Connected to api.paypal.com (173.0.92.23) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using SSL_RSA_WITH_RC4_128_SHA
* Server certificate:
* subject: CN=api.paypal.com,OU=PayPal Production,O="PayPal, Inc.",L=San Jose,ST=California,C=US
* start date: Apr 15 00:00:00 2015 GMT
* expire date: Apr 01 23:59:59 2016 GMT
* common name: api.paypal.com
* issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: api.paypal.com
> Accept: */*
So at this point you only need to update curl to version 7.47.1 or later.
Here is how:
# rpm -Uvh http://nervion.us.es/city-fan/yum-repo/rhel6/x86_64/city-fan.org-release-1-13.rhel6.noarch.rpm
# yum install curl
# curl -V
If you see curl 7.47.1, you're done.
Next, you can verify on the system that the PayPal connection works like this:
# php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch));'
On success, PayPal_Connection_OK is printed.
On failure, bool(false) will be printed.
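
Added example (not part of the original post): a shell function that reads `curl -v` output and classifies the handshake line, run here on the handshake lines from the two traces above. The name `tls_verdict`, the weak-cipher list and the OpenSSL-format sample line are assumptions of this example; it goes slightly beyond the page by also accepting the `TLSv1.2`/`TLSv1.3` wording.

```shell
#!/bin/sh
# Added example: classify the handshake summary line of `curl -v` output.
# Reads the verbose trace on stdin and prints "<verdict> <handshake line>".
# Exit status: 0 = ok, 1 = weak, 2 = unknown or unverified.
# Live use (the trace is written to stderr):
#   curl -v -o /dev/null https://api.paypal.com 2>&1 | tls_verdict
tls_verdict() {
    # First line that reports the negotiated cipher, without the "* " prefix.
    line=$(sed -n '/connection using /{s/^\* *//;p;q;}')
    if [ -z "$line" ]; then
        echo "unknown"; return 2
    fi
    # Broken or legacy ciphers fail regardless of the protocol version.
    case "$line" in
        *RC4*|*3DES*|*_DES_*|*DES-CBC*|*EXPORT*|*NULL*)
            echo "weak $line"; return 1 ;;
    esac
    # Accept only traces that state TLS 1.2 or newer explicitly.
    case "$line" in
        "TLS 1.2 connection using "*|"TLS 1.3 connection using "*)
            echo "ok $line"; return 0 ;;
        *"using TLSv1.2"*|*"using TLSv1.3"*)
            echo "ok $line"; return 0 ;;
    esac
    # A cipher was reported but the protocol version was not.
    echo "unverified $line"; return 2
}

# Handshake lines copied from the two traces on this page.
GOOD_TRACE='* Connected to api.paypal.com (173.0.84.98) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA256'
BAD_TRACE='* Connected to api.paypal.com (173.0.92.23) port 443 (#0)
* SSL connection using SSL_RSA_WITH_RC4_128_SHA'
# Constructed line in the OpenSSL-backend format (assumption, not on the page).
OPENSSL_TRACE='* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256'

for t in "$GOOD_TRACE" "$BAD_TRACE" "$OPENSSL_TRACE"; do
    printf '%s\n' "$t" | tls_verdict || true
done
```

The non-zero exit status for a weak or unverified handshake lets the check gate a deployment script or a monitoring probe.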