With David Byron's test server I could repeat his problem and make sure that

POSTing over HTTPS:// with NTLM works fine now. There was a general problem
with multi-pass authentication with non-GET operations with CONNECT.

diff --git a/lib/http.c b/lib/http.c
index 9c9d6d5..14f4588 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -1076,7 +1076,7 @@ CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,
               else if(2 == sscanf(line_start, "HTTP/1.%d %d",
                                   &subversion,
                                   &k->httpcode)) {
-                /* store the HTTP code */
+                /* store the HTTP code from the proxy */
                 data->info.httpproxycode = k->httpcode;
               }
               /* put back the letter we blanked out before */
@@ -1094,9 +1094,10 @@ CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,
     if(error)
       return CURLE_RECV_ERROR;
 
-    /* Deal with the possibly already received authenticate headers. 'newurl'
-       is set to a new URL if we must loop. */
-    Curl_http_auth_act(conn);
+    if(data->info.httpproxycode != 200)
+      /* Deal with the possibly already received authenticate
+         headers. 'newurl' is set to a new URL if we must loop. */
+      Curl_http_auth_act(conn);
 
   } while(conn->newurl);