Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
689 views
in Technique[技术] by (71.8m points)

asp classic - WinHTTP.WinHTTPRequest.5.1 does not work with PayPal sandbox after TLS 1.2

PayPal sandbox just recently restricted to TLS 1.2 connection. This makes our site stop working with PayPal sandbox although it stills work with the production PayPal. In the future the production PayPal will have the same restriction. We're using classic ASP and Microsoft WinHTTP.WinHTTPRequest.5.1 component for communication with PayPal. Here's the code below. objHttp.StatusText returns "Bad Request". We're on Windows Server 2008 R2. I tried to use MSXML2.ServerXMLHTTP.6.0 instead, but it only works on my Windows 8.1 development machine, not on our Windows Server 2008 R2. Although MSXML2.ServerXMLHTTP.6.0 is a superset of WinHTTP.WinHTTPRequest.5.1, but it is less reliable than WinHTTP.WinHTTPRequest.5.1. Our code fails a few times a day using MSXML2.ServerXMLHTTP.6.0 in the past, so I prefer using WinHTTP.WinHTTPRequest.5.1. I'm also not confident in this line of code: objHttp.Option(9) = &H0AA0 . A workaround that we're using is calling the WebAPI for sending message to PayPal; however, this causes an extra minor delay.

dim objHttp
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
dim WinHttpRequestOption_EnableHttp1_1 : WinHttpRequestOption_EnableHttp1_1 = 17
objHttp.Option(WinHttpRequestOption_EnableHttp1_1) = False

dim WinHttpRequestOption_SslErrorIgnoreFlags : WinHttpRequestOption_SslErrorIgnoreFlags=4
objHttp.Option(WinHttpRequestOption_SslErrorIgnoreFlags) = &H3300
objHttp.setTimeouts 0, 120000, 120000, 120000 
objHttp.Option(9) = &H0AA0 '2720
objHttp.open "post", "" & "https://api-3t.sandbox.paypal.com/2.0/" & "", False
strRequest = SetExpressCheckoutSOAP(returnURL, cancelURL)
objHttp.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
objHttp.setRequestHeader "Content-Length", Len(strRequest)

objHttp.setRequestHeader "Host", "api-3t.sandbox.paypal.com"
Call objHttp.send(strRequest)
if objHttp.Status = 200 then
   resp = objHttp.responseText
else
   response.write objHttp.StatusText
end if

WebAPI invoke code:

dim webapiresp, webapidata
webapidata = "{""url"":""" & gv_APIEndpoint & """, ""message"":""" & nvpStrComplete & """,""soap"":0}"
webapiresp=InvokeWebAPI(strApiDomain, "POST", "comm/send", "", webapidata)
        set reply=JSON.parse(webapiresp)
        resp = reply.xml

Function InvokeWebAPI(strApiDomain, method, funcname, param, data)
dim HttpReq, apiURI, resp

set HttpReq=Server.CreateObject("MSXML2.ServerXMLHTTP")
'apiURI=strApiDomain & funcname & param
apiURI=strApiDomain & "api/" & funcname & param


HttpReq.open method, apiURI, false

HttpReq.setRequestHeader "Content-Type", "application/json; charset=UTF-8"
HttpReq.setRequestHeader "SOAPAction", apiURI
HttpReq.setRequestHeader "Authorization", "Basic " & Base64Encode("xxx:xxx")

if data <> "" then
    HttpReq.send data
else
    HttpReq.send 
end if

resp = HttpReq.responseText

set HttpReq=Nothing

InvokeWebAPI = resp
End Function
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

My application is written in ASP classic and I use WinHttp.WinHttpRequest.5.1in place of MSXML2.ServerXMLHTTP.6.0. to post to paypal sandbox url.

What works for me is telling the WinHttp.WinHttpRequest.5.1 objec to use TLS 1.2:

Set

httpRequest = Server.CreateObject("WinHttp.WinHttpRequest.5.1")
httpRequest.option (9) = 2720

All that on Windows Server 2012


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...