Error 28 means that your server couldn't reach the payment server. In your case it means your server isn't getting a response from the paypal server.
Possible causes:
a) maybe you changed more than just the CURLOPT line when editing the file
b) if you have your paypal module configured to work with the Sandbox, change it to use the Live/Production server instead. Sometimes the PayPal sandbox server operates differently from the real production server. And the sandbox should only be used for 2 minutes to test communications. After that you should be using Live mode else your store won't actually collect money from customers.
c) perhaps your webserver is seriously outdated and doesn't know how to communicate over TLS. In that case if the only way it knows is SSL3 then it won't be able to talk to PayPal because PayPal has turned off SSLv3 support.
d) perhaps your webserver is using an obsolete version of PHP which doesn't know how to communicate securely without ssl3.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Really appreciated your help DrByte,
i double checked all of my step according to your advice,
a)
i followed your instruction of below article, use developer tool kit search keyword "CURLOPT_SSLVERSION" to locate the file need to be revise.
http://www.zen-cart.com/showthread.p...yment-security
instead of 5files, i can only locate 3 files contain "CURLOPT_SSLVERSION", please refer to below picture
paypal_curl.php
class.linkpoint_api.php
authorizenet_echeck.php
i commented all out just followed your instruction. but after doing this, i encountered CURL time out issue.
b) the sandbox should be correctly deployed, i used the same setting(API key, user name) for another shopping cart program running on same server, it works perfectly.
c) i have also created a tick inquiry to host(lunarpages)
Question:
i am fixing the SSL V3.0 on zencart with using paypal's sandbox account, when i use paypal's sandbox account to check out i encountered CURL timeouts, paypal guy said this is host's server configuration problem, i see you server SSL version is openssl/0.9.8b, does it support TLSv1.2?
Lunarpages's Answer : Our servers do indeed support TLSv1.2.
is there anything i can do to fix this issue?
If you are indeed using v1.3.9g (which by the way was released in 2010 ... it is now 2014, so you're missing out on 4 years' worth of bugfixes and software improvements), then replacing your paypal_curl.php file with the attached file will suffice. This of course cannot account for any other ways in which you've altered your site's code vs original Zen Cart files.
I'd really like you to test against the live PayPal site, since the PayPal Sandbox is often in an experimental state, and does not reflect how the software will work in a real live environment. You don't even have to complete a payment ... just start an Express Checkout transaction so that it takes you to the PayPal login screen. That will test the communications adequately. But you must use Live API credentials, not Sandbox API credentials.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Really appreciated that, i am sorry, actually i am currently using v1.3.9h, my website works fine with paypal express checkout(live) before and after applying your file, but not in sandbox environment(both), paypal called me 2days before and told me that the express checkout i am using will be affected by SSLV3 termination, that's why i make change of the codes just according to your advice.
Thanks greatly for your easy understand wordings,i am not professional developers, just a small merchant, we can't afford frequent website update, the study cost would be too high for me.
Most likely that's because your hosting company has the sandbox site IP addresses blocked in their firewall.
Your hosting company will need to allow access to the sandbox IP addresses, as per: https://ppmts.custhelp.com/app/answers/detail/a_id/92
Zen Cart uses the following PayPal hosts, so all of their IP addresses need to be allowed:
www.paypal.com
www.sandbox.paypal.com
api-3t.paypal.com
api-3t.sandbox.paypal.com
payflowpro.paypal.com
pilot-payflowpro.paypal.com
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
DrByte,
i've just got the reply from lunarpages, they said"have checked and do not see that any of those IP Addresses are being blocked on the BALLAST server firewall"
but the time out problem still exist, even i installed a new clean zencart 1.3.9h after comment out all CURLOPT_SSLVERSION, is there any possibility that caused this issue? the paypal payment module?
What's the URL to your website?
What's the URL to your curl test script as described here? http://www.zen-cart.com/showthread.p...187#post434187
What do you get as a response when you ask it to test paypal, as described in that post?
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
DrByte,
the test passed, i think, it's because paypal still allow SSLV3 channel, right? but they are going to terminate on 4 December2014
the test result:
COMMUNICATIONS TEST OKAY.
You may see error information below, but that information simply confirms that the server actually responded, which means communications is open.
Array
(
[url] => "https://api-3t.paypal.com/nvp"
[content_type] => text/plain; charset=utf-8
[http_code] => 200
[header_size] => 153
[request_size] => 204
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.404822
[namelookup_time] => 0.09915
[connect_time] => 0.140942
[pretransfer_time] => 0.284499
[size_upload] => 37
[size_download] => 146
[speed_download] => 360
[speed_upload] => 91
[download_content_length] => 146
[upload_content_length] => 37
[starttransfer_time] => 0.404745
[redirect_time] => 0
[certinfo] => Array
(
)
[redirect_url] =>
)
DrByte,
Really appreciated you keep looking at this issue and support so far
the test passed, both live and sandbox mode, but is it simple that paypal still support SSLV3 at this moment, would it fail after 4 Decmeber?
the test result:
COMMUNICATIONS TEST OKAY.
You may see error information below, but that information simply confirms that the server actually responded, which means communications is open.
Array
(
[url] => "https://api-3t.paypal.com/nvp"
[content_type] => text/plain; charset=utf-8
[http_code] => 200
[header_size] => 153
[request_size] => 204
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.404822
[namelookup_time] => 0.09915
[connect_time] => 0.140942
[pretransfer_time] => 0.284499
[size_upload] => 37
[size_download] => 146
[speed_download] => 360
[speed_upload] => 91
[download_content_length] => 146
[upload_content_length] => 37
[starttransfer_time] => 0.404745
[redirect_time] => 0
[certinfo] => Array
(
)
[redirect_url] =>
)
Bookmarks