You need to set the cnf so it won't prompt.
Here's a little excerpt from a shell script:
cat @eof $CONFFILE
# openssl x509 extfile params
extensions = extend
[req] # openssl req params
prompt = no
distinguished_name = dn-param
[dn-param] # DN fields
C = US
ST = WA
L = Yadda
O = Yadda
OU = Chain
Title: Message
Have you tried setting the verify mode? It's
ignored by default.
From man IO::Socket::SSL:
SSL_verify_mode
This option sets the verification mode for the peer
certificate.
The default (0x00) does no authentication. You may combine
0x01
(verify peer), 0x02 (fail
