Hi Ralf,
That's what I did. I replaced a PKGBUILD's http://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz by https://cpan.metacpan.org/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz so I removed the search and migrated from http to https.
However, using the search URL with https does still return a 403.
$ curl --user-agent archlinux -L
"https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz" --output 1_Goo-Canvas-0.06.tar.gz
That URL isn't either of the two you initially give. :-)
curl: (60) SSL certificate problem: self signed certificate ... $ curl --user-agent archlinux --insecure -L
"https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz" --output 2_Goo-Canvas-0.06.tar.gz
... $ strings 2_Goo-Canvas-0.06.tar.gz | head -5 <html> <head><title>403 Forbidden</title></head>
Try precisely this: curl -sSvg -L \ https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz \ >foo.tar.gz This will give more detail on each connection and how the certificates fare. I get a valid tar file. $ b2sum -l32 foo.tar.gz 3a2a9dd1 foo.tar.gz $ tar tf foo.tar.gz | wc -l 47 -- Cheers, Ralph.