diff --git a/Makefile b/Makefile index 43c3eac..64a8355 100644 --- a/Makefile +++ b/Makefile @@ -5,17 +5,9 @@ name = proxytunnel version = $(shell awk 'BEGIN { FS="\"" } /^\#define VERSION / { print $$2 }' config.h) -ifneq ($(wildcard .svn),) -revision = $(shell svnversion | awk 'BEGIN { RS=":" } { next } END { print $$1 }') -else -revision = $(shell echo '$$Revision$$' | sed -e 's/\$$Revision: \([0-9]\+\) \$$$$/\1/') -endif - CC ?= cc CFLAGS ?= -Wall -O2 -ggdb -OPTFLAGS = -DREVISION=\"$(revision)\" - # Comment on non-gnu systems OPTFLAGS += -DHAVE_GETOPT_LONG diff --git a/README b/README index 5594088..bdb7fe3 100644 --- a/README +++ b/README @@ -3,8 +3,6 @@ proxytunnel ----------- Author: Jos Visser , Mark Janssen -Date: Mon Mar 3 22:49:43 CET 2008 -Version: 1.9.0 Hi all, 
@@ -22,27 +20,32 @@ Proxytunnel is very easy to use, when running proxytunnel with the help option it specifies it's command-line options. $ ./proxytunnel --help -proxytunnel 1.9.0 (rev 224) Copyright 2001-2008 Proxytunnel Project +proxytunnel 1.9.9 Copyright 2001-2018 Proxytunnel Project Usage: proxytunnel [OPTIONS]... -Build generic tunnels through HTTPS proxies, supports HTTP authorization +Build generic tunnels through HTTPS proxies using HTTP authentication Standard options: - -i, --inetd Run from inetd (default=off) + -i, --inetd Run from inetd (default: off) -a, --standalone=INT Run as standalone daemon on specified port -p, --proxy=STRING Local proxy host:port combination -r, --remproxy=STRING Remote proxy host:port combination (using 2 proxies) -d, --dest=STRING Destination host:port combination -e, --encrypt SSL encrypt data between local proxy and destination -E, --encrypt-proxy SSL encrypt data between client and local proxy - -X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL + -X, --encrypt-remproxy SSL encrypt data between local and remote proxy + -L (legacy) enforce TLSv1 connection + -T, --no-ssl3 Do not connect using SSLv3 Additional options for specific features: + -z, --no-check-certficate Don't verify server SSL certificate + -C, --cacert=STRING Path to trusted CA certificate or directory -F, --passfile=STRING File with credentials for proxy authentication -P, --proxyauth=STRING Proxy auth credentials user:pass combination - -R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination + -R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination -N, --ntlm Use NTLM based authentication -t, --domain=STRING NTLM domain (default: autodetect) -H, --header=STRING Add additional HTTP headers to send to proxy + -o STRING send custom Host Header -x, --proctitle=STRING Use a different process title Miscellaneous options: 
@@ -51,7 +54,6 @@ Miscellaneous options: -h, --help Print help and exit -V, --version Print version and exit - To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content: diff --git a/cmdline.c b/cmdline.c index 518d216..e1ee9b0 100644 --- a/cmdline.c +++ b/cmdline.c @@ -38,7 +38,7 @@ extern char * optarg; static char *getCredentialsFromFile( const char* filename, char **user, char **pass, char **rem_user, char **rem_pass); void cmdline_parser_print_version (void) { - printf ("%s %s (rev %s) Copyright 2001-2008 Proxytunnel Project\n", PACKAGE, VERSION, REVISION); + printf ("%s %s Copyright 2001-2018 Proxytunnel Project\n", PACKAGE, VERSION); } void cmdline_parser_print_help (void) { diff --git a/config.h b/config.h index 4e73de1..204ded5 100644 --- a/config.h +++ b/config.h @@ -17,7 +17,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#define VERSION "1.9.0" +#define VERSION "1.9.9" #define PACKAGE "proxytunnel" #define PURPOSE "Build generic tunnels through HTTPS proxies" #define AUTHORS "Jos Visser (Muppet) , Mark Janssen (Maniac) " diff --git a/http.c b/http.c index 7f16ac9..3b85418 100644 --- a/http.c +++ b/http.c @@ -157,9 +157,9 @@ void proxy_protocol(PTSTREAM *pts) { while ( strcmp( buf, "\r\n" ) != 0 ) readline(pts); -/* If --encrypt-remproxy is specified, connect to the remote proxy using SSL */ - if ( args_info.encryptremproxy_flag ) - stream_enable_ssl(stunnel, args_info.remproxy_arg); + /* If --encrypt-remproxy is specified, connect to the remote proxy using SSL */ + if ( args_info.encryptremproxy_flag ) + stream_enable_ssl(stunnel, args_info.remproxy_arg); if( args_info.verbose_flag ) message( "\nTunneling to %s (destination)\n", args_info.dest_arg ); diff --git a/proxytunnel.h b/proxytunnel.h index abfef25..593cd7e 100644 --- a/proxytunnel.h +++ b/proxytunnel.h 
@@ -26,8 +26,8 @@ void message( char *s, ... ); void my_perror( char *msg ); void signal_handler( int signal ); int tunnel_connect(); -void analyze_HTTP(); -void proxy_protocol(); +void analyze_HTTP(PTSTREAM *pts); +void proxy_protocol(PTSTREAM *pts); void closeall(); void do_daemon(); void initsetproctitle(int argc, char *argv[]); diff --git a/ptstream.c b/ptstream.c index 88d9e1f..d1c5f44 100644 --- a/ptstream.c +++ b/ptstream.c @@ -290,14 +290,25 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) { SSL_set_rfd (ssl, stream_get_incoming_fd(pts)); SSL_set_wfd (ssl, stream_get_outgoing_fd(pts)); + /* Determine the host name we are connecting to */ + proxy_arg_len = strlen(proxy_arg); + if ((peer_host = malloc(proxy_arg_len + 1)) == NULL) { + message("Out of memory\n"); + goto fail; + } + snprintf( proxy_arg_fmt, sizeof(proxy_arg_fmt), proxy_arg[0] == '[' ? "[%%%zu[^]]]" : "%%%zu[^:]", proxy_arg_len - 1 ); + if ( sscanf( proxy_arg, proxy_arg_fmt, peer_host ) != 1 ) { + goto fail; + } + /* SNI support */ if ( args_info.verbose_flag ) { - message( "Set SNI hostname to %s\n", args_info.proxyhost_arg ); - } - res = SSL_set_tlsext_host_name(ssl,args_info.proxyhost_arg); + message( "Set SNI hostname to %s\n", peer_host); + } + res = SSL_set_tlsext_host_name(ssl, peer_host); if (res < 0) { - message( "TLS SNI error, giving up: SSL_set_tlsext_host_name returned error message:\n %u\n", res ); - exit( 1 ); + message( "TLS SNI error, giving up: SSL_set_tlsext_host_name returned error message:\n %u\n", res ); + exit( 1 ); } SSL_connect (ssl); 
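Review bot: The neighbouring declarations `int tunnel_connect();`, `void closeall();` and `void do_daemon();` keep the empty parameter list that this hunk replaces for `analyze_HTTP` and `proxy_protocol`. Before C23 an empty list declares a function with unspecified parameters, so the compiler does not check the arguments passed at call sites. If these functions take no arguments, declare them as `int tunnel_connect(void);`, `void closeall(void);` and `void do_daemon(void);`. Their definitions are outside this diff, so confirm the signatures first.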
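Review bot: The unchanged test `if (res < 0)` after the new `SSL_set_tlsext_host_name(ssl, peer_host)` call cannot fire, because that OpenSSL macro returns 1 on success and 0 on failure, so a failed SNI setup goes unnoticed and the handshake continues without the extension. Change the test to `if (res != 1) {`, and print `res` with `%d` rather than `%u` if it is an int (its declaration is outside the hunk). Separately, the width `proxy_arg_len - 1` written into the `sscanf` format becomes 0 for a one-character `proxy_arg` and wraps around for an empty one if `proxy_arg_len` is a `size_t`, as the `%zu` suggests. Rejecting `proxy_arg_len < 2` before the `malloc` would avoid building an invalid conversion. The rest of stream_enable_ssl and the `fail` label are outside this hunk, so whether `peer_host` is released on the new early `goto fail` paths should be checked there.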
@@ -318,17 +329,6 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) { goto fail; } - /* Determine the host name we are connecting to */ - proxy_arg_len = strlen(proxy_arg); - if ((peer_host = malloc(proxy_arg_len + 1)) == NULL) { - message("Out of memory\n"); - goto fail; - } - snprintf( proxy_arg_fmt, sizeof(proxy_arg_fmt), proxy_arg[0] == '[' ? "[%%%zu[^]]]" : "%%%zu[^:]", proxy_arg_len - 1 ); - if ( sscanf( proxy_arg, proxy_arg_fmt, peer_host ) != 1 ) { - goto fail; - } - /* Verify the certificate name matches the host we are connecting to */ if (!check_cert_names(cert, peer_host)) { goto fail;