On Wednesday, March 25, 2015 at 7:26:31 AM UTC-5, barryhunter wrote: > > > Do you have evidence that Google *doesn't *support SHA-256 Certificates? > (I guess in this case via URLFetch) (Note SHA-256 is not encryption, its > how the certificates are validated) >
I don't know one way or another -- that's why I thought I'd ask. I've heard that Google is encouraging the rapid migration away from SHA-1, but I could not find any announcements from Google about their own schedule for this -- especially for App Engine and if they will be supporting SHA-256. > > If Paypal is talking directly with users, then its upto if the the users > browser supports such certificates. > (and at worse, supposing URLFetch doesnt work with such certifcates, could > perhaps just validate_certificate=FALSE, or even bypass URLFetch via teh > sockets API) > I believe the user's browser is responsible for part of the transaction, but with their IPN solution <https://developer.paypal.com/docs/classic/products/instant-payment-notification/> my app (on App Engine) first needs to request a transaction id, then after PayPal confirms the payment has cleared they will POST to my app's IPN endpoint. Maybe someone from Google could chime-in and let us know what's up? -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/adce2097-335d-44f8-8237-a4cbfdc56950%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
