Skip to first unread message
Brent Washburne
Jun 4, 2015, 4:08:34 PM6/4/15
to google-a...@googlegroups.com
PayPal is upgrading their SSL certificates this year, according to their [Merchant Security System Upgrade Guide][1]. It the guide, it says to:
- Discontinue use of the Verisign G2 Root Certificate and use the G5 Root Certificate, and
- Update to the SHA-256 signing algorithm
My merchant site uses the Google Appengine and the `urlfetch()` call to PayPal. Has AppEngine already made these upgrades?
P.S. I posted this same question on StackOverflow but was downvoted. I thought SO was the preferred place for AppEngine questions?
Nick (Cloud Platform Support)
Jun 5, 2015, 10:07:40 AM6/5/15
to google-a...@googlegroups.com, Brent Washburne
The reason people on stackoverflow are downvoting is because the question is really not one that an average, technically-informed user could answer. Rather, this touches on questions which only project members could answer, since we maintain and develop URL Fetch and its certificate files, signing algorithms. App Engine issue reports should go to the google app engine public issue tracker, issues or errors with your own code/project should go to stackoverflow, and threads like this one belong here.
Given that there's already a public issue tracker issue opened for better documenting the HTTPS behaviour/settings of Url Fetch, I'll have to update this thread within the next week, after seeing if I can glean any more useful information.
One easy way to determine whether things are working for you is to attempt to make API calls and observe if any errors occur, when targeting the API in the "sandbox environment", since the document you linked says the changes would be implemented in February 2015 in this "sandbox environment" (sorry I'm not more familiar with paypal's infrastructure or terminology).
So, I hope to update this thread within the next week with any information I can gather.
Sincerely,
Nick
Given that there's already a public issue tracker issue opened for better documenting the HTTPS behaviour/settings of Url Fetch, I'll have to update this thread within the next week, after seeing if I can glean any more useful information.
One easy way to determine whether things are working for you is to attempt to make API calls and observe if any errors occur, when targeting the API in the "sandbox environment", since the document you linked says the changes would be implemented in February 2015 in this "sandbox environment" (sorry I'm not more familiar with paypal's infrastructure or terminology).
So, I hope to update this thread within the next week with any information I can gather.
Sincerely,
Nick
Nick (Cloud Platform Support)
Jun 5, 2015, 10:08:20 AM6/5/15
to google-a...@googlegroups.com, pay...@google.com, Brent Washburne
Just a quick update, here's the public issue tracker thread I mentioned. Feel free to star it to increase the priority.
Brent Washburne
Jun 6, 2015, 3:05:09 PM6/6/15
to google-a...@googlegroups.com
Cross-referencing another thread discussing this same topic:
Nick (Cloud Platform Support)
Jun 24, 2015, 4:22:56 PM6/24/15
to google-a...@googlegroups.com, Brent Washburne
As observed in the other thread and confirmed independently on my end, testing seems to work, indicating that the standards are met. Urllib2 will not use SHA256, although UrlFetch does, so it's important to use UrlFetch. More documentation on UrlFetch is a current goal of the product team, so expect that updates to the docs which elaborate these details to come in the short-to-medium term.
Khalid Keenan
Apr 3, 2016, 6:53:13 AM4/3/16
to Google App Engine, Brent Washburne
As an FYI for anyone working with Appengine SDK for Java, testing the urlfetch() call to Paypal when using the development server will still fail with an SSLHandhshake exception. An issue has previously been raised https://code.google.com/p/googleappengine/issues/detail?id=12705
Reply all
Reply to author
Forward
0 new messages