diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 8f9f0cb9caf809e7c4e905e4121cc779daa907a5..2b6381a9b0ffa36f45ac05faf198b508a660a556 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -23,7 +23,7 @@ test40 test42 test69 test70 test71 test72 test73 test146 test505 \
 test74 test75 test76 test77 test78 test147 test148 test506 test79 test80 \
 test81 test82 test83 test84 test85 test86 test87 test507 test149 test88 \
 test89 test90 test508 test91 test92 test203 test93 test94 test95 test509 \
-test510 test97 test98 test99
+test510 test97 test98 test99 test150 test151 test152
 
 # The following tests have been removed from the dist since they no longer
 # work. We need to fix the test suite's FTPS server first, then bring them
diff --git a/tests/data/test150 b/tests/data/test150
new file mode 100644
index 0000000000000000000000000000000000000000..ac23de02fb859f5893215f408b0fcd2ea49c0daa
--- /dev/null
+++ b/tests/data/test150
@@ -0,0 +1,82 @@
+# Server-side
+<reply>
+
+# no <data> in this test since we have NTLM from the start
+
+# This is supposed to be returned when the server gets a first
+# Authorization: NTLM line passed-in from the client
+<data1001>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+This is not the real page either!
+</data1001>
+
+# This is supposed to be returned when the server gets the second
+# Authorization: NTLM line passed-in from the client
+<data1002>
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+
+Finally, this is the real page!
+</data1002>
+
+<datacheck>
+HTTP/1.1 401 Now gimme that second request of crap
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 34
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+
+HTTP/1.1 200 Things are fine in server land swsclose
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+
+Finally, this is the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+# NTLM only works if SSL-support is present
+<features>
+SSL
+</features>
+<server>
+http
+</server>
+ <name>
+HTTP with NTLM authorization and --fail
+ </name>
+ <command>
+http://%HOSTIP:%HOSTPORT/150 -u testuser:testpass --ntlm --fail
+</command>
+</test>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /150 HTTP/1.1
+Authorization: NTLM TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA=
+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: 127.0.0.1:8999
+Pragma: no-cache
+Accept: */*
+
+GET /150 HTTP/1.1
+Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145
+User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: 127.0.0.1:8999
+Pragma: no-cache
+Accept: */*
+
+</protocol>
+</verify>
diff --git a/tests/data/test151 b/tests/data/test151
new file mode 100644
index 0000000000000000000000000000000000000000..f499f96c0a229e557a5282848af1a69d989227aa
--- /dev/null
+++ b/tests/data/test151
@@ -0,0 +1,40 @@
+# Server-side
+<reply>
+<data>
+HTTP/1.0 401 BAD BOY
+Server: swsclose
+Content-Type: text/html
+
+This contains a response code >= 400, so curl shouldn't display this.  Even
+though it's a response code that triggers authentication, we're not using
+authentication so we should still fail.
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET with an error code that might trick authentication
+ </name>
+ <command>
+http://%HOSTIP:%HOSTPORT/151
+</command>
+</test>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent: curl/.*
+</strip>
+<protocol>
+GET /151 HTTP/1.1
+User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
+Host: 127.0.0.1:8999
+Pragma: no-cache
+Accept: */*
+
+</protocol>
+</verify>
diff --git a/tests/data/test152 b/tests/data/test152
new file mode 100644
index 0000000000000000000000000000000000000000..7edd0afc8394e4bb22bb50657ad692b998dc2962
--- /dev/null
+++ b/tests/data/test152
@@ -0,0 +1,43 @@
+# Server-side
+<reply>
+<data nocheck=1>
+HTTP/1.0 401 BAD BOY
+Server: swsclose
+Content-Type: text/html
+
+This contains a response code >= 400, so curl shouldn't display this.  Even
+though it's a response code that triggers authentication, we're not using
+authentication so we should still fail.
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET with an error code that might trick authentication and --fail
+ </name>
+ <command>
+http://%HOSTIP:%HOSTPORT/152 --fail
+</command>
+</test>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent: curl/.*
+</strip>
+<protocol>
+GET /152 HTTP/1.1
+User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
+Host: 127.0.0.1:8999
+Pragma: no-cache
+Accept: */*
+
+</protocol>
+<errorcode>
+22
+</errorcode>
+</verify>