Setting the verify mode to "don't verify" leaves you open to a man-in-the-middle attack. Programs like ettercap will be able to intercept and decrypt your traffic. If you're concerned about that, the right solution is to make sure there's a certificate authority file somewhere the script can find it. The IO::Socket::SSL module source contains such a file, but I don't think it's installed automatically. To find out where it's looking for certificates, the strace and truss commands are always useful.