Thanks for the analysis that the problem is caused by a change in the
SSLEAY_DIR/OPENSSL_DIR constant with OpenSSL 1.1. I've adapted IO::Socket::SSL
in 2.040 (just released) to try both constants so the problem should hopefully
be solved by simply upgrading to 2.040.
Apart from that the problem would have probably be found by the live tests
(t/external) since these check if the default trust path can be used to verify
the certificte of some common sites. Unfortunately Debian explicitly does not
run these live tests by default. But it might make sense to run these at least
once before shipping a new version.
Regards,
Steffen, maintainer IO::Socket::SSL
