Ubercart's PayPal module uses drupal_http_request to respond to an IPN over https (i.e. with SSL). My hosting service configures PHP without the "--with-openssl" option, so the response fails and the order is stuck in pending. The Drupal log says 'IPN failed with HTTP error Unable to find the socket transport "ssl" - did you forget to enable it when you configured PHP?'.
I don't know if my hosting service is unusual, although it is regarded as one of the top providers in the UK. They tell me that I can use SSL via the cURL library. It looks as if uc_paypal.module uses the cURL library for requests to PayPal Website Payments Pro and Express Checkout, so why can't it do the same for the IPN response? Better still, why not switch between drupal_http_request or cURL for all https requests, depending on what SSL support is available in the server's PHP?
Modifying the PayPal module to use cURL instead of drupal_http_request is beyond my skills, so I have just hacked it to use http instead of https for the IPN response. This works (my orders now move to "Payment received"), and hardly counts as a security risk, since the IPN itself is received over http.
