- Setting the Content-Length: header from your app when you do a POST or PUT

is almost always a VERY BAD IDEA. Yet there are still apps out there doing
  this, and now recently it triggered a bug/side-effect in libcurl as when
  libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
  knows it will just get a 401/407 back. If the app then replaced the
  Content-Length header, it caused the server to wait for input that libcurl
  wouldn't send. Aaron Oneal reported this problem in bug report #2799008
  http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.

lib/http.c

@@ -2032,6 +2032,11 @@ static CURLcode add_custom_headers(struct connectdata *conn,
                 /* this header (extended by formdata.c) is sent later */
                 checkprefix("Content-Type:", headers->data))
           ;
+        else if(conn->bits.authneg &&
+                /* while doing auth neg, don't allow the custom length since
+                   we will force length zero then */
+                checkprefix("Content-Length", headers->data))
+          ;
         else {
           CURLcode result = add_bufferf(req_buffer, "%s\r\n", headers->data);
           if(result)
@@ -2787,9 +2792,9 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
          we don't upload data chunked, as RFC2616 forbids us to set both
          kinds of headers (Transfer-Encoding: chunked and Content-Length) */
 
-      if(!checkheaders(data, "Content-Length:")) {
-        /* we allow replacing this header, although it isn't very wise to
-           actually set your own */
+      if(conn->bits.authneg || !checkheaders(data, "Content-Length:")) {
+        /* we allow replacing this header if not during auth negotiation,
+           although it isn't very wise to actually set your own */
         result = add_bufferf(req_buffer,
                              "Content-Length: %" FORMAT_OFF_T"\r\n",
                              postsize);