commandline curl POST gives zero content length

I'm using commandline curl to do a POST via a proxy but my form data is vanishing to zero content length. Any ideas what I'm doing wrong?

Here's my command line (uses a public test form so others can try it):

curl -v --proxy-ntlm --proxy proxyserver:proxyport --proxy-user : -d "fname=a&lname=b" http://www.snee.com/xml/crud/posttest.cgi

-v = verbose

next few arguments get us through the proxy using windows authentication

-d = should do a post with the given arguments

However, both the response and the verbose print out suggest the form content is vanishing. The curl prints "Content-Length: 0" and the returned html has both arguments missing and a content length of 0.

The bug doesn't seem to be in the proxy server as curl admits it is sending a content length of 0. Does anyone know a solution to this problem? Has anyone else seen it?

Update: this person appears to have the same bug, but no solution suggested, apart from not using ntlm which I have to

Update 2: This definitely only happens with NTLM authentic开发者_如何学Goation, I've tried an alternative authentication method which works. Also, using -F instead of -d (for binary form data) fails in the same way.

Update 3 (workaround): I've had a bit of discussion on the curl-users list about this. A workaround was provided which is to use --proxy-anyauth instead of --proxy-ntlm. I'm still investigating the problem but this workarounf works for me.

NTLM is a challenge-response protocol. When you indicate that you're going to use NTLM, a client will first send a request without the body (to avoid wasting the bandwidth of sending the body only to have it rejected by the HTTP/401 challenge from the server). Only once the Challenge/Response protocol is complete will the body actually be posted.

This causes a number of problems in cases where the client expects NTLM but the proxy or server has no idea (and thus acts on the 0-byte POST, never challenging the client).

I was having this problem making a request using HTTP digest. Eric is correct, curl is trying to be clever and not post any data because it knows it will have to make the request again after it receives the challenge from the server.

It turns out if you provide the --anyauth option (which asks curl to autodetect the authentication method), the initial request will include all the POST data, and (in my case) the server responded as expected.