http://www.perlmonks.org?node_id=1081529

vsespb has asked for the wisdom of the Perl Monks concerning the following question:

So, about CVE-2014-0160 (more info)

AFAIK the problem persists not only on the server side, but on the client side too.

After updating the openssl libs from the vendor, should I recompile IO::Socket::SSL and possibly other CPAN modules which depend on SSL/TLS?

Re: Should I recompile SSL CPAN modules now?
by mr_mischief (Monsignor) on Apr 08, 2014 at 21:01 UTC

    IO::Socket::SSL depends on Net::SSLeay, which actually wraps OpenSSL, so if you can get Net::SSLeay rebuilt I think you should be alright. I haven't looked that deeply. Some monk surely knows more.

      Unless you build statically linked versions, it should be enough to just install a patched openssl shared library (libssl.so, libcrypto.so). If you are not sure, you might check with strace on Linux, e.g.:

          $ strace -e open perl -MNet::SSLeay
          ....
          open("/lib/x86_64-linux-gnu/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
          open("/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3

      If you see these libs loaded dynamically, all is fine and you just need to replace them by installing the updated libssl package.
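
A follow-up check, added here as an example and not part of any monk's reply: a process that was already running when the shared library was replaced keeps the old copy mapped until it is restarted. The sketch below assumes Linux `/proc` and a package upgrade that unlinks the old file, so the mapping shows up as `(deleted)`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still mapping a libssl/libcrypto file
# that has since been replaced on disk (they need a restart).

# Read /proc/<pid>/maps-format text on stdin; print each distinct
# libssl/libcrypto path whose mapping is marked "(deleted)".
stale_ssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' | sort -u
}

# Walk live processes and print: pid, command line, stale libraries.
# Run as root to see processes owned by other users.
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_ssl_libs < "$maps" 2>/dev/null)
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "$cmd" "$(echo $libs)"
    done
}

# Constructed sample of a maps file from a long-running perl process
# after the libssl package was upgraded underneath it.
sample_maps() {
cat <<'EOF'
7f3a10000000-7f3a10058000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a10258000-7f3a1025c000 rw-p 00058000 08:01 131 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a0fc00000-7f3a0fdb0000 r-xp 00000000 08:01 132 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a11000000-7f3a111b0000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libc-2.17.so
EOF
}

# Usage: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_processes
fi
```

Any process listed by `scan_processes` (daemons, mod_perl workers, long-lived scripts) is still running the pre-update library code and should be restarted.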
Re: Should I recompile SSL CPAN modules now?
by zentara (Archbishop) on Apr 08, 2014 at 18:12 UTC
    Sounds like a prudent thing to do, but I wonder what other backdoors they have in there?

    I'm not really a human, but I play one on earth.
    Old Perl Programmer Haiku ................... flash japh

      Backdoors imply they were there on purpose. In fact, OpenSSL is just a big mess.


      "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

        Isn't the excuse that it's all a big mess the easiest way to provide a cover story for putting in backdoors? I mean, look at Microsoft Windows. There was a news release about a year ago which said that just about any Microsoft system gets infected within 30 minutes of being online. Is Microsoft code that big of a mess?

        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh