CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Created perl tracking bugs for this issue: Affects: fedora-all [bug 2218904]
Public commit for this issue in perl upstream: https://github.com/Perl/perl5/commit/96ea0b9b6169d72ff9a79b49e89d58bbf4f61620
Public commit for this issue in CPAN.pm upstream: https://github.com/andk/cpanpm/pull/175/commits/c58b55d0c22c86ec015e694450585b0c23c4750c
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6539 https://access.redhat.com/errata/RHSA-2023:6539