Comment 2 for bug 1408331

The option verify_hostname is like the name suggests only responsible for verifying the host name against the certificate. It does not control the verification of the certificate chain or any other certificate validations, even if it can be used like this in some versions of LWP::Protocol::https. But this is actually a bug, see https://github.com/libwww-perl/lwp-protocol-https/pull/14 (very long discussion).

The only documentation of the option verify_hostname in LWP::UserAgent says:

           "verify_hostname" => $bool
            When TRUE LWP will for secure protocol schemes ensure it connects to servers that have a valid certificate
            matching the expected hostname.

Which confirms that this option cares about verifying the host name only.

To disable any kind of certificate validation you have to use ssl_opts to set SSL_verify_mode to 0 (i.e. SSL_VERIFY_NONE).