Helo Tony,

Tony Bibbs wrote:
> Is there a way to use curl to sign a plain old HTTP request with a
> self-signed cert?

Please,
What do you want ?

do you want to
1. do HTTP over SSL with client authentication ?
2. sign your data and send the signed data over HTTP ?

2 is outside the realm of curl.

1 is not possible with SSL:
the server sends a list of CAs that it accepts for
client authentication.
Since the CA that issued your client certificate,
this woud only be possible if that certificate is in this list.

> The scenario I have it I have a PHP server Nat'd to a WebSphere box that
> has a web service I want to consume. By signing the request I am hoping
> to be able to identify the server it came from despite being nat'd. Is

???
Please rethink what you do.
You use curl for _client_ operations...

> this possible with curl? If not is it possible at all? Note,
> encryption is not needed.

You could specially select the NULL cipher, but that is
not allowed in normal SSL configurations.

Use DES as session cipher.
 From the security point of view
that is almost equal to no cipher at all ;-)

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0