Why does a missing CA file cause the request to fail, even though I've used ua->ssl_opts( verify_hostname => 0 );?
Just because you aren't verifying the hostname doesn't mean it won't try to verify the certificate. The CA file is used to verify the certificate which may or may not match the hostname.
What do I have to do to get a better error message out of LWP::UserAgent?
Very difficult to get the precise problem as this is handled by the lower-level SSL modules. I'd recommend that you add
use IO::Socket::SSL 'debug4';
before you use LWP. That gives loads of output and should at least narrow down the problem to the SSL handshake if nothing more specific. I agree that this is very annoying and would be keen to see better diagnostics passed back up the tree to LWP and thus available to the users. That likely won't be easy.