libwww-perl(-5.808) has serious security flaw for over 4 years now
we don't execute $sock->
More experimentation has shown that this only happens when doing "use IO::Socket::SSL". Otherwise, Crypt::SSLeay is used and that one shows the opposite behaviour: unverified server certs are NEVER accepted. I don't even know how to set the verification level und neither seems to be documented what exactly gets verified.... (server name at least?? How about redirects?....)
Please fix this and/or report it upstream because I consider it a major issue.