由于新版本的paypal支付组件在Prestashop中拥有较高的安全要求,因些可能会因为以下各种原因无法正常工作
1.服务器限制,包含dns无解析等
2.paypal插件文件权限问题,这个需要进入module/paypal修复文件权限,同其它ps程序文件权限一致
3.测试是否能够正常通信
测试脚本1
<?php
function get_tls_version($sslversion = null)
{
$c = curl_init();
curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
if ($sslversion !== null) {
curl_setopt($c, CURLOPT_SSLVERSION, $sslversion);
}
$rbody = curl_exec($c);
if ($rbody === false) {
$errno = curl_errno($c);
$msg = curl_error($c);
curl_close($c);
return "Error! errno = " . $errno . ", msg = " . $msg;
} else {
$r = json_decode($rbody);
curl_close($c);
return $r->tls_version;
}
}
echo "<pre>\n";
echo "OS: " . PHP_OS . "\n";
echo "uname: " . php_uname() . "\n";
echo "PHP version: " . phpversion() . "\n";
$curl_version = curl_version();
echo "curl version: " . $curl_version["version"] . "\n";
echo "SSL version: " . $curl_version["ssl_version"] . "\n";
echo "SSL version number: " . $curl_version["ssl_version_number"] . "\n";
echo "OPENSSL_VERSION_NUMBER: " . dechex(OPENSSL_VERSION_NUMBER) . "\n";
echo "TLS test (default): " . get_tls_version() . "\n";
echo "TLS test (TLS_v1): " . get_tls_version(1) . "\n";
echo "TLS test (TLS_v1_2): " . get_tls_version(6) . "\n";
echo "</pre>\n";
PAYPAL在文件
paypal/services/Checker.php
里面有代码
public function checkTLSVersion()
{
$return = [
'status' => false,
'error_message' => '',
];
if (defined('CURL_SSLVERSION_TLSv1_2') == false) {
define('CURL_SSLVERSION_TLSv1_2', 6);
}
$tls_server = $this->context->link->getModuleLink($this->module->name, 'tlscurltestserver');
$curl = curl_init($tls_server);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
$response = curl_exec($curl);
if (trim($response) != 'ok') {
$return['status'] = false;
$curl_info = curl_getinfo($curl);
if ($curl_info['http_code'] == 401) {
$return['error_message'] = $this->module->l('401 Unauthorised. Please note that the TLS verification can\'t be done if you have htaccess password protection, debug or maintenance mode enabled on your web site.', 'AdminPayPalController');
} else {
$return['error_message'] = curl_error($curl);
}
} else {
$return['status'] = true;
}
return $return;
}
需求1.2及以上版本CURL支持
测试代码2
<? // create curl resource $ch = curl_init(); // set url curl_setopt($ch, CURLOPT_URL, "https://api.nextendweb.com/"); //return the transfer as a string curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $errorFile = dirname(__FILE__) . '/curl_error.txt'; $out = fopen($errorFile, "w"); curl_setopt($ch, CURLOPT_VERBOSE, true); curl_setopt($ch, CURLOPT_STDERR, $out); // $output contains the output string $output = curl_exec($ch); curl_close($ch); fclose($out); echo "<h1>LOG</h1>"; echo "<pre>"; echo htmlspecialchars(file_get_contents($errorFile)); unlink($errorFile); echo "</pre>";
可以查看具体是什么原因导致的问题,
比如,在BT面板中,ssl默认用的是
/etc/pki/tls/certs/ca-bundle.crt
如提示这个文件过期,可下载最新的证书从 https://curl.se/ca/cacert.pem 链接
然后打开复制到报错文件中