search

protonemedia / laravel-paddle

Paddle.com API integration for Laravel with support for webhooks/events
https://protone.media/en/blog/a-new-laravel-package-to-handle-payments-and-subscriptions-with-paddle
MIT License
203 stars 18 forks source link

SSL issue #12

Closed joostvanhoof closed 4 years ago

joostvanhoof commented 4 years ago

I'm quite lost regarding where exactly this issue occurs, so please excuse me if it turns out that it has nothing to do with this package.

When I test my webhook in the Paddle dashboard, I get error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure. First, I thought that Paddle was connecting over SSLv3 but that seems highly unlikely as I've done some searching and it seems this is ancient and not recommended encryption.

On my nginx server I have (this might be relevant to the issue):

ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;

The reason that I'm posting this issue here is that WebhookController has

$verified = openssl_verify(
  serialize($data),
  base64_decode($encodedSignature),
  openssl_get_publickey(config('paddle.public_key')),
  OPENSSL_ALGO_SHA1
);

Judging from the response that I get in the Paddle dashboard I still think it's on their end but I wanted to double check if the issue could come from the code above, or that maybe you ran into this issue as well while working on this package.

I have set my public_key in my ENV file and run config:cache on deployment.

schollf commented 4 years ago

Check #11 - that should solve it.

joostvanhoof commented 4 years ago

That solved it, thanks for the quick reply!