
Regarding version numbers, I'll mention something here that I used to have to tell customers in the web hosting biz all the time: stuff sometimes gets backported and version numbers don't tell the whole story. For instance, RHEL 5 has "curl-7.15.5-15.el5" right now, and that would suggest it doesn't support either of the CURLOPTS required to disable this.

However, the actual build loops in a patch called curl-7.15.5-CVE-2009-0037.patch, and that adds in all of the CURLPROTO_* magic required to lock down an application. I discovered this tonight when updating my client-side code to restrict redirects and found that it would build fine on RHEL 5 even though I expected it to die. A little digging around in the source RPM explained it.

So, if you're on an OS like RHEL and you think you might not be able to use this feature, try looking in your curl.h file. You might actually have support courtesy of some backported patch from your distributor.
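Added example, not part of the original comment: a shell check that decides from the installed headers, rather than from the package version, whether the protocol-restriction symbols are available, and reports when they are a backport. It assumes the headers live under `INCLUDE_DIR/curl/`, that the version macro is in `curlver.h`, and that upstream introduced these symbols in 7.19.4; `make_sample` and its header contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the commenter's code). Sample headers below are constructed.
# curl_proto_support INCLUDE_DIR
#   prints: native | backported | present | missing | no-header
# INCLUDE_DIR is the directory containing curl/curl.h, e.g. /usr/include.
curl_proto_support() {
    hdr="$1/curl/curl.h"; ver="$1/curl/curlver.h"
    [ -r "$hdr" ] || { echo no-header; return 0; }

    # Feature test 1: the CURLPROTO_* bitmask values are plain #defines.
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+CURLPROTO_HTTP[[:space:]]' "$hdr" \
        || { echo missing; return 0; }
    # Feature test 2: the redirect option. Older headers declare options as
    # CINIT(NAME, ...), newer ones spell out CURLOPT_NAME; accept both.
    grep -Eq '(CINIT\(|CURLOPT_)REDIR_PROTOCOLS[[:space:]]*,' "$hdr" \
        || { echo missing; return 0; }

    # Only now read the version, to tell a backport from a native build.
    num=$(sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}LIBCURL_VERSION_NUM[[:space:]]\{1,\}\(0x[0-9A-Fa-f]\{1,\}\).*/\1/p' \
        "$ver" 2>/dev/null | head -n 1)
    [ -n "$num" ] || { echo present; return 0; }
    # 0x071304 encodes 7.19.4 (assumed upstream introduction of the symbols).
    if [ $(($num)) -ge $((0x071304)) ]; then echo native; else echo backported; fi
}

# make_sample DIR VERNUM yes|no
# Writes a constructed curl.h/curlver.h pair with or without the symbols.
make_sample() {
    mkdir -p "$1/curl"
    printf '#define LIBCURL_VERSION_NUM %s\n' "$2" > "$1/curl/curlver.h"
    {
        echo '#include "curlver.h"'
        if [ "$3" = yes ]; then
            echo '#define CURLPROTO_HTTP   (1<<0)'
            echo '  CINIT(REDIR_PROTOCOLS, LONG, 182),'
        fi
    } > "$1/curl/curl.h"
}

# Run against a real include directory when one is given on the command line.
if [ "$#" -gt 0 ]; then curl_proto_support "$1"; fi
```

A build script can use the same idea directly in C with `#ifdef CURLPROTO_HTTP`, since the `CURLPROTO_*` values are preprocessor macros.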



