I keep getting back a Braintree_Exception_SSLCertificate exception when I try to generate a client token using Braintree_ClientToken::generate(). I've got the SDK loaded and my PHP setup seems to meet the minimum requirements for the SDK.
The versions of PHP and cURL I'm running are:
PHP 5.5.3
cURL 7.32.0 with OpenSSL/1.0.1e. SSL is enabled in my cURL module.
I noticed Braintree is enforcing TLS 1.2 so I thought that might be the issue but I tried adding the following line to Http.php in the Braintree SDK:
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
This should set cURL to use TLS 1.2 but it didn't seem to help and I'm not sure how to verify that the setting even took effect.
I haven't managed to successfully place a request to Braintree's API yet so I'm worried this is something I'm doing wrong or maybe the version of cURL I'm using is no good. Is there anything I need to enable SSL that I've missed?
Thanks,
Brad.
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
The cURL version that you are using may be your issue, because the libcurl version should be greater than 7.40. I would recommend updating to this version, since TLS 1.2 support is added at that version and beyond.
Also, this github link takes you through the process that Braintree requires for your PHP integration to be up to date with TLS 1.2. I'm mentioning this since you wanted a way to check if your cURL was being set to instantiate TLS 1.2.
The way to do this would be:
php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT);'
Okay, I have just climbed Himalaya. The solution above is not a solution at all. Here's what I did to solve this problem. For Centos 7 machine, yum update is sometimes useless. The only solution is to update OpenSSL and Curl manually.
There are 15 steps:
Download latest OpenSSL package.
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
Unzip
tar -xzvf openssl-1.0.2l.tar.gz
Enter folder
cd openssl-1.0.2l
Config
./config --shared
Install
make && make install
That's not the end of the journey, you have to update curl too. Download the latest version of curl.
wget https://curl.haxx.se/download/curl-7.55.1.tar.gz
Unzip
tar -xzvf curl-7.55.1.tar.gz
Enter folder
cd curl-7.55.1
Set lib path
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ssl/lib
Config
./configure --prefix=/usr/local/curl/ --without-nss --with-ssl=/usr/local/ssl/
Install
make && make install
Backup a bit
mv /usr/bin/curl /usr/bin/curl.bak
Link it
ln -s /usr/local/curl/bin/curl /usr/bin/curl
Finally, check your curl version by
curl --version
If you did all these steps correctly, it shows
curl 7.55.1 (x86_64-pc-linux-gnu) libcurl/7.55.1 OpenSSL/1.0.2l
