You can actually specify to the underlying socket library how you want it to verify certificates or not. The problem is the options are different depending on what socket library you're using. But there's a way to force it to use a particular one, and then you know:

{
  local $NET::HTTPS::SSL_SOCKET_CLASS = 'IO::Socket::SSL';
  $ua = LWP::UserAgent->new(ssl_opts => \%ssl_options),
}
[download]

and for %ssl_options, I'll let you look it up in the IO::Socket::SSL docs.

You could also make the setting of $NET::HTTPS::SSL_SOCKET_CLASS global if you don't have to play nice with other instances of LWP::UserAgent.

I'll note that I got burned on this when at one point I needed a particular setting (to exclude SSLv2 in favor of SSLv3 to deal with sites that immediately drop the connection if you so much as mention SSLv2) that got outdated a couple years later when SSLv3 was likewise declared anathema, the default settings of IO::Socket::SSL having caught up to what was needed to survive, I would have been better off without the explicit setting... meaning if you're going to do this stuff you're going to have to track it...)