Я столкнулся с этой проблемой с ruby 2.7.0, Rails 6.0.3.2, paypal-sdk-core 1.7.4 и OpenSSL 1.1.1d на macOS Catalina v10.15.6. Когда я развернул код на Amazon Linux 2, AWS получил ту же ошибку. Итак, я предполагаю, что что-то в vendor / bundle было сломано.
Этот код был рабочий до того, как я переустановил ruby2.7.0 с помощью rbenv uninstall & install.
Произошла ошибка исключения когда Sale.find был выполнен в следующем коде.
sale = Sale.find(ipn.txn_id) refund = sale.refund_request({
:amount => {
:total => refund_amount.to_f,
:currency => ipn.currency_code },
:reference => reference
})
Я проверил соединение HTTPS, и подтверждение SSL выглядит нормально.
$ openssl s_client -connect api.sandbox.paypal.com:443
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = San Jose, O = "PayPal, Inc.", OU = PayPal Production, CN = api.sandbox.paypal.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = San Jose, O = "PayPal, Inc.", OU = PayPal Production, CN = api.sandbox.paypal.com
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Jose, O = "PayPal, Inc.", OU = PayPal Production, CN = api.sandbox.paypal.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
---
Acceptable client certificate CA names
C = US, ST = California, L = San Jose, O = "PayPal, Inc.", OU = sandbox_certs, CN = sandbox_camerchapi, emailAddress = re@paypal.com
C = US, ST = California, L = San Jose, O = "PayPal, Inc.", OU = stage1_certs, CN = stage1_camerchapi, emailAddress = re@paypal.com
C = US, ST = CA, L = San Jose, O = PayPal Inc., OU = Mobile Client Certificate Authority, CN = PayPal Sandbox Client CA, emailAddress = DL-PP-ApplicationSecurity@paypal.com
CN = gtorel_1310486522_per_api1.paypal.com, L = Napoli, ST = Napoli, C = IT
CN = Sandbox_RootCA, OU = PayPal Crypto Mgt, O = PayPal Inc., L = San Jose, ST = California, C = US
CN = Sandbox_MerchantIssuingCA, OU = Platform Security, O = PayPal Inc., L = San Jose, ST = California, C = US
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4449 bytes and written 462 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: C66CE9265BF19D4A2FB4C4ED43B9C4523FCCA69C09F49BF0E2BBC6E012491463
Session-ID-ctx:
Master-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1596387340
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---