Archive for October 29th, 2012
Recently we’ve been working on some payment related code and found that communication with PayPal’s Sandbox was constantly failing due to SSL related errors, such as these:
curl_exec error 35 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
curl_exec error 60 SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
As a result, we couldn’t test any code properly which led to a lot of frustration. As it turns out, we weren’t alone in this.
After trying to figure things out, testing our certificates and verifying everything was setup correctly we eventually realised that the PayPal PHP SDK actually has a mistake in it, and specifies the incorrect endpoints for their sandbox when using the API Signature communications method.
On page 25 of their API reference document (PDF) actually specifies the the API Signature and the API Certificate methods on the sandbox should be the same:
But this is not the case, an assertion I make supported by a different set of documentation on the PayPal site.
Fixing the Issue
The entries in the SDK you download are actually wrong so we edited our PayPal SDK files (
PayPal/wsdl/paypal-endpoints.php) to point as the correct endpoints specified in the latter document and everything worked fine.