PHP Zen Cart SSL Connect Error: Mystery Solved
Warning: Geek speak ahead.
For many years, I have done web development as a hobby and side income. Since I’ve been in seminary, I have dramatically curtailed this activity, but I do still help people out. And I have a couple of clients that I continue to maintain. This week, one of these clients had a problem. Their website, an online store using Zen Cart, was suddenly reporting that it could not communicate with the credit card company (Linkpoint / First Data).
The first thing I did when I received this report was to check my spam filter for the error reports. When I found it, I was stumped: all it contained was a generic cURL error: 35 – SSL Connect error. This said that something went wrong when the script was trying to contact the credit card processor’s secure server, but it didn’t really tell me what.
With nothing more to go on, my first suspicion was outdated software. Indeed, Zen Cart told me that we were one version behind. So I updated that. Nothing.
My second suspicion was a corrupt setting. So I rooted through the settings and confirmed that everything was correct. Then I thought it was perhaps a momentary blip. So I waited a day to see if the error would clear. It didn’t.
With still no information to go on, I began to research the issue. I found several places online that talked about this message. Some talked about needing to update an SSL certificate. Others talked about checking server and port settings. Still others talked about needing to update PHP and a number of other things. None of them specifically dealt with Zen Cart and the Linkpoint payment module. Worse, the wide variety of diagnoses confirmed that this was a very generic error message: no help there.
I reached out to the hosting company. Their support was… underwhelming. The first person I chatted with never grasped that the problem was not between the end user and the server. Despite repeated attempts to explain the situation, they kept telling me that my SSL certificate was fine and they saw no errors on the website. The second person with whom I chatted dug a little deeper, checking to make sure that the server could communicate via the required port (i.e., 1129). Unfortunately, before that process was completed, something happened to our connection, and we got cut off.
At this point, I attempted to submit a support ticket rather than use the live chat. Unfortunately, the hosting company has apparently done away with support tickets and refers everything to live chat. I will probably be searching for a new hosting company going forward.
Finally yesterday, I was able to chat with a third support representative at the hosting company. This agent worked with me to confirm that the server was in fact able to communicate via port 1129. This, however, left me back at square one: not knowing the problem.
I asked the client to reach out to his bank. Their local banker referred us to their merchant support services and the credit card processing team. In the meantime, I kept researching.
And that’s when we struck gold. A single post on the Zen Cart support forum, so new that it had not yet been indexed by Google, described our exact problem. And the solution: line 322 in /includes/modules/payment/linkpoint_api/class.linkpoint_api.php:
curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
This line specified that cURL should use SSL v3 (aka, TLS) to communicate with the Linkpoint servers. This version of SSL has been compromised for several years, but the Linkpoint payment module was apparently never updated. It would seem that on or about February 14, Linkpoint grew tired of waiting and shut it down. The solution, then, was simple: comment out line 322 and allow cURL to negotiate with the host which SSL version to use.
And just like that, the problem was solved.
I don’t offer this here to trumpet my own horn. Rather, I offer it in the hopes of making life for some other webdev a little bit easier! Happy coding!