Skip to content
This repository has been archived by the owner on Apr 15, 2024. It is now read-only.

Getting INVALID IPN status every time #29

Open
digiogi opened this issue Oct 16, 2014 · 10 comments
Open

Getting INVALID IPN status every time #29

digiogi opened this issue Oct 16, 2014 · 10 comments

Comments

@digiogi
Copy link

digiogi commented Oct 16, 2014

I'm getting INVALID IPN status every time even the payment is made.

I'm using the php api.

Is there any way to do this properly?
@arvydaso
Copy link

A month ago I was working with IPN, everything worked perfectly.

@petert82
Copy link

I believe this is related to the 'force_ssl_v3' option. PayPal have recently disabled SSLv3.

@digiogi
Copy link
Author

digiogi commented Oct 16, 2014

@arvydaso With paypal ipn test tools, yeah I'm getting valid responses. But I was getting INVALID in the real life scenario even the payment is made and valid.

@petert82 With disabling SSL3, the api was broken. I've changed the line 109 with
curl_setopt($ch, CURLOPT_SSLVERSION, 4);

It works again but the INVALID situation still continues.

@kicktraq
Copy link

Pretty sure it's from the POODLE vulnerability. I just changed from 108:

if ($this->force_ssl_v3) {
    curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}

to

if ($this->force_ssl_v3) {
    curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'SSLv3');
} else {
    curl_setopt($ch, CURLOPT_SSLVERSION, 3);
}

@petert82
Copy link

@kicktraq After reading the answer from Archimedix here, I opted to just ditch the 'force_ssl_v3' option and replace that if statement in curlPost with:

curl_setopt($ch, CURLOPT_SSLVERSION, 1);

@kicktraq
Copy link

Ah perfect. Thanks for the link!

@thefotolander
Copy link

Is fsock option any different? I have a lot of people depending on this for payments, can I switch to this?

    $listener->use_curl = false;

@mdriess
Copy link

mdriess commented Oct 17, 2014

Thank you @petert82 !! Works great for us.

@mdriess mdriess mentioned this issue Oct 17, 2014
Closed
@afbora
Copy link

afbora commented Dec 25, 2014

INVALID error response still continue.

@digiogi did you fix it?

@CyberPunkCodes
Copy link

This project has not been updated since 2012. It is a shame because it was a simple, yet efficient, PayPal IPN script. Since this has not been maintained, it does not work anymore. PayPal has removed support for SSLv3 due to the POODLE vulnerability, which came about after the last update to this repo. PayPal has also updated their documentation and example code, which I have updated this project to reflect PayPal's recommendations.

I have forked this repo, fixed it, and I am now maintaining the current version. Please use my version found here: https://github.com/WadeShuler/PHP-PayPal-IPN

I give FULL credit to Quixotix for his great script.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@thefotolander @mdriess @kicktraq @afbora @petert82 @arvydaso @digiogi @CyberPunkCodes