I've never used Net::SSLeay, but the docs say that the Content-Length and Content-Type headers are added automatically by post_https(). So if I remove your Content-Length header, the above script gives me:

  <?xml version="1.0" encoding="UTF-8"?>
  <Response>
    <QuickResponse HcsTcsInd="T" Version="2">
    <ProcStatus>20412</ProcStatus>
    <StatusMsg StatusMsgLth="52">Precondition Failed: Security Informa
+tion is missing</StatusMsg>
    </QuickResponse>
  </Response>
[download]

The Content-length: 239 that you were seeing is the length of THEIR response, not your request. I think that Content-Length isn't the problem here - the problem is that you're not providing authorization details perhaps?

Clint