cancel
Showing results for 
Search instead for 
Did you mean: 

IPN was not sent, and the handshake was not verified. Please review your information.

Member

IPN was not sent, and the handshake was not verified. Please review your information.

I get this error every single time I want to try and test the IPN simulation.

 

The listener code I have is very simple:

 

<?php


file_put_contents('export.txt', var_export($_POST,true));

 

?>

 

I have this uploaded on my servers, which have valid and certified SSL.

 

I type in the URL to the listener, and choose express checkout.

 

I click 'Send IPN'  I get the non-informative error 'IPN was not sent, and the handshake was not verified. Please review your information.'

 

We thought it was the SSL so we bought and reinstalled (twice now) certificates. SSL is not the problem. Everything comes back green when we run SSL certificate checks on the URL.

 

 

On top of all of this, the example code on https://developer.paypal.com/docs/classic/ipn/gs_IPN/

 

contains .PHP code that once we put into a file, and ran the simulator, it got stuck in a endless loop that is currently filling our server's error log with a constantly growing error log. 

 

Anyways, the endless loop is not the main problem here. The IPN simulator refuses to work under any condition, we've tried everything the internet had to offer, from answers to Stack Overflow or simply calling PayPal support to be told we need to email someone because they had no clue what we were talking about and then the phone call disconnected.

 

I have also tried the sample code found here: https://developer.paypal.com/docs/classic/ipn/ht_ipn/

 

Why are there two separate PHP sample code guides? Anyways, it did not work either. 

 

We are trying to set up a process to be a business through PayPal, but this is making it impossible.

 

Is there any help for this other than the error message that doesn't tell me what's wrong at all? Is there an error log somewhere I'm missing?

 

 

 

 

23 REPLIES 23
Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

My server is SHA256 compliant, has a certificate chain signed with SHA-2.

 

From QualysCommunity Server checker:

 

example

Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

After creating  facilitator and buyer sandbox accounts and doing mock transactions, 

 

I have condluded that the Simulator is simply broken. When using the sandbox, IPN works correctly, and notifies my servers of a purchase, allowing them to react accordingly.

 

The sample php code used is as follows:

 

<?php


// CONFIG: Enable debug mode. This means we'll log requests into 'ipn.log' in the same directory.
// Especially useful if you encounter network errors or other intermittent problems with IPN (validation).
// Set this to 0 once you go live or don't require logging.
define("DEBUG", 1);
// Set to 0 once you're ready to go live
define("USE_SANDBOX", 1);
define("LOG_FILE", "./ipn.log");
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
	$keyval = explode ('=', $keyval);
	if (count($keyval) == 2)
		$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
	$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
	if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
		$value = urlencode(stripslashes($value));
	} else {
		$value = urlencode($value);
	}
	$req .= "&$key=$value";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if(USE_SANDBOX == true) {
	$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
	$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
	return FALSE;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if(DEBUG == true) {
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) // cURL error
	{
	if(DEBUG == true) {	
		error_log(date('[Y-m-d H:i e] '). "Can't connect to PayPal to validate IPN message: " . curl_error($ch) . PHP_EOL, 3, LOG_FILE);
	}
	curl_close($ch);
	exit;
} else {
		// Log the entire HTTP response if debug is switched on.
		if(DEBUG == true) {
			error_log(date('[Y-m-d H:i e] '). "HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req" . PHP_EOL, 3, LOG_FILE);
			error_log(date('[Y-m-d H:i e] '). "HTTP response of validation request: $res" . PHP_EOL, 3, LOG_FILE);
		}
		curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp ($res, "VERIFIED") == 0) {
	// check whether the payment_status is Completed
	// check that txn_id has not been previously processed
	// check that receiver_email is your PayPal email
	// check that payment_amount/payment_currency are correct
	// process payment and mark item as paid.
	// assign posted variables to local variables
	//$item_name = $_POST['item_name'];
	//$item_number = $_POST['item_number'];
	//$payment_status = $_POST['payment_status'];
	//$payment_amount = $_POST['mc_gross'];
	//$payment_currency = $_POST['mc_currency'];
	//$txn_id = $_POST['txn_id'];
	//$receiver_email = $_POST['receiver_email'];
	//$payer_email = $_POST['payer_email'];
	
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
	}
} else if (strcmp ($res, "INVALID") == 0) {
	// log for manual investigation
	// Add business logic here which deals with invalid IPN messages
	if(DEBUG == true) {
		error_log(date('[Y-m-d H:i e] '). "Invalid IPN: $req" . PHP_EOL, 3, LOG_FILE);
	}
}

?>
New Community Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

MUCH frustration - but I can confirm that I see this behavior too as of August 19th... simulator fails while actually processing test transactions invokes the IPN url correctly.

Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

@Username555 you say

 

When using the sandbox, IPN works correctly, and notifies my servers of a purchase

 

Can you link to some resources on how one can use the sanbox without the simulator? I've been trying to follow this guide: https://developer.paypal.com/docs/classic/lifecycle/sb_calls/ and sure enough, I get success from curl, but how do I tie this in with my server and get the payment notifications to my servers, akin to the IPN simulator? Do I understand you correctly in that you found a way to simulate notifications without using the IPN simulator? If so, I would appreciate any tips on moving in the right direction.

New Community Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

Any update on this 2 month old thread which is still aggravating people today?

New Community Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

Does anyone has a solution about it? I'm getting a "IPN was not sent, and the handshake was not verified. Please review your information. and Paypal IPN tester is too poorly documented on this error.

New Community Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

I am having the same problem.

New Community Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

Like everyone else I am having no success with the IPN Simulator. When I last used it (I think it was in June), it was still working normally.

 

Performing Sandbox transactions delivers information fine through IPN, but logs an error (unless CURLOPT_SSL_VERIFYPEER is set to 0): "cURL error: [60] SSL certificate problem: unable to get local issuer certificate".

 

I have a valid SSL certificate (SHA-2) and  php is running with OpenSSL/1.0.1e.

 

My main concern is that next year all live payments will follow the current sandbox model, so this needs to be sorted out before then. 

 

 

Member

Re: IPN was not sent, and the handshake was not verified. Please review your information.

It seems its still broken. I get no feedback at all from IPN scripts. The simulator tells me the handshake has been successfull and verified but when I make a dummy transaction using the 'buyer' account the IPN is silent, nothing is returned.

 

I've tried just about every IPN script there is to try and just about every tutorial I can find.

 

Paypal need to come clean about this as pre-testing is key to launching a site which needs to talk to a backend datbase. If they dont put it right its time to find another payment gateway that is not mickey mouse.