RHEL 5 and problem with curl dependencies (libssh2 1.2.8)

Hi, Apologies if I'm asking something real stupid, or asking in the wrong place - "I'm new here" as they say. I have a customer who is required to upgrade their production application. As part of this, the supplier has specified that curl needs upgrading to 7.21.x (currently they're on 7.16.1-1.1 I've downloaded the relevant rpm and found the yum install failed with dependency upon libcurl also being upgraded to version 7.21.x - so I duly downloaded that rpm too! You guessed? It still fails - this time asking for libssh2 to be version 1.2.8 or later. Herein seems to lie my problem. libssh2 1.2.8 is a pretty recent release, and I've only so far found one place to get a rpm file for it - via the 'pbone' site. So far so good I thought! Ahh no! Now it's complaining that the libssh2 rpm package is 'signed' and I need to get a key ... and my grand question ... how can I get this, given it doesn't seem to be listed anywhere on any sites? I've also now tried downloading the source for libssh2 1.2.8 - but then ran into next stumbling block ... I don't have any C/C++,etc, compilers installed anywhere, so this seems to be a non-starter too :-( I'm pretty much open to suggestions from my peers now as to how I might go about sorting this out. Your comments/suggestions would be very welcome. (And just before anyone asks if I've placed a call with RH support - yes - they've spent the week looking into the problem before declaring "libssh2 is not from us, so you're not supported".) Thanks Paul