diff --git a/README.md b/README.md index 52350069..fb7fdfbe 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,11 @@ the functionality: # Contributions -To submit contributions, sign [Cesanta CLA](https://cesanta.com/cla.html) -and send GitHub pull request. +Contributions are welcome! Please follow the guidelines below: + +- Sign [Cesanta CLA](https://cesanta.com/cla.html) and send GitHub pull request +- When making pull requests, please make sure that it has only one commit, + and imlements/fixes only one piece of functionality # Looking for a pre-compiled Mongoose web server Windows or Mac binary? - [Download pre-compiled Mongoose web server binary.](https://www.cesanta.com/binary.html) diff --git a/examples/http_proxy_client/Makefile b/examples/http_proxy_client/Makefile new file mode 100644 index 00000000..5be31ed4 --- /dev/null +++ b/examples/http_proxy_client/Makefile @@ -0,0 +1,4 @@ +PROG = http_proxy_client +#SSL_LIB=openssl +CFLAGS_EXTRA = -DMG_ENABLE_CALLBACK_USERDATA=1 +include ../examples.mk diff --git a/examples/http_proxy_client/http_proxy_client.c b/examples/http_proxy_client/http_proxy_client.c new file mode 100644 index 00000000..8afd1329 --- /dev/null +++ b/examples/http_proxy_client/http_proxy_client.c 
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2014 Cesanta Software Limited
+ * All rights reserved
+ *
+ * This program fetches HTTP URLs.
+ */
+
+#define MG_ENABLE_CALLBACK_USERDATA 1
+#include "mongoose.h"
+
+static int s_exit_flag = 0;
+static int s_show_headers = 0;
+
+static void ev_handler(struct mg_connection *c, int ev, void *ev_data,
+ void *userdata) {
+ struct http_message *hm = (struct http_message *) ev_data;
+
+ switch (ev) {
+ case MG_EV_CONNECT:
+ if (*(int *) ev_data != 0) {
+ fprintf(stderr, "connect() failed: %s\n", strerror(*(int *) ev_data));
+ s_exit_flag = 1;
+ } else {
+ // Stage 2. Connection to the HTTP proxy is established.
+ // Write CONNECT request, and turn this connection to HTTP.
+ // NOTE: target URL is passed to us as userdata.
+ unsigned port = 80;
+ struct mg_str scheme, host;
+ mg_parse_uri(mg_mk_str((char *) userdata), &scheme, NULL, &host, &port,
+ NULL, NULL, NULL);
+ if (port == 0) port = (scheme.len == 5) ? 443 : 80;
+ mg_printf(c, "CONNECT %.*s:%u HTTP/1.1\r\n\r\n", (int) host.len, host.p,
+ port);
+ // Now set the flag and wait for the connection establishment
+ c->flags |= MG_F_USER_1;
+ }
+ break;
+ case MG_EV_RECV:
+ // Stage 3. Check if proxy replied. Here, we don't parse the reply
+ // for simplicity. Assume success, and write HTTP request.
+ if (c->flags & MG_F_USER_1) { + struct mg_str host, path; + c->flags &= ~MG_F_USER_1; + mg_parse_uri(mg_mk_str((char *) userdata), NULL, NULL, &host, NULL, + &path, NULL, NULL); + if (path.len == 0) path = mg_mk_str("/"); + mg_printf(c, "GET %.*s HTTP/1.0\r\nHost: %.*s\r\n\r\n", (int) path.len, + path.p, (int) host.len, host.p); + mg_set_protocol_http_websocket(c); + } + break; + case MG_EV_HTTP_REPLY: + c->flags |= MG_F_CLOSE_IMMEDIATELY; + if (s_show_headers) { + fwrite(hm->message.p, 1, hm->message.len, stdout); + } else { + fwrite(hm->body.p, 1, hm->body.len, stdout); + } + putchar('\n'); + s_exit_flag = 1; + break; + case MG_EV_CLOSE: + if (s_exit_flag == 0) { + printf("Server closed connection\n"); + s_exit_flag = 1; + } + break; + default: + break; + } +} + +int main(int argc, char *argv[]) { + struct mg_mgr mgr; + int i; + + mg_mgr_init(&mgr, NULL); + + /* Process command line arguments */ + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "--show-headers") == 0) { + s_show_headers = 1; + } else if (strcmp(argv[i], "--hexdump") == 0 && i + 1 < argc) { + mgr.hexdump_file = argv[++i]; + } else { + break; + } + } + + if (i + 2 != argc) { + fprintf(stderr, + "Usage: %s [--hexdump ] " + "[--show-headers] PROXY_HOST:PROXY_PORT URL\n", + argv[0]); + exit(EXIT_FAILURE); + } + + // Stage 1. Connect to the HTTP proxy as to a plain TCP server. + // Pass URL as a callback argument + mg_connect(&mgr, argv[i], ev_handler, argv[i + 1]); + + while (s_exit_flag == 0) { + mg_mgr_poll(&mgr, 1000); + } + mg_mgr_free(&mgr); + + return 0; +} diff --git a/mongoose.c b/mongoose.c index e01ba0a9..fde66dec 100644 --- a/mongoose.c +++ b/mongoose.c @@ -4469,10 +4469,13 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) { #endif #include +#include #ifndef KR_VERSION #include #endif +static const char *mg_default_session_id_context = "mongoose"; + struct mg_ssl_if_ctx { SSL *ssl; SSL_CTX *ssl_ctx; 
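Review bot: In the `MG_EV_RECV` branch of examples/http_proxy_client/http_proxy_client.c the first bytes received after `CONNECT` are treated as a successful tunnel, so a refusal from the proxy (for example a 407 or 403 reply) still triggers the `GET`. Nothing visible removes the proxy's reply from the receive buffer before `mg_set_protocol_http_websocket(c)` takes over parsing, so that reply may also end up being read as the origin's response. The handler should wait until the proxy's headers are complete, require status 200 and drop those bytes before writing the request, as sketched below. Separately, both `mg_parse_uri()` calls ignore the return value, and for an `https` URL the code selects port 443 but then writes a plaintext `GET` into the tunnel; the example should reject unparsable URLs and either refuse `https` or start TLS on the tunnelled connection.

```c
    case MG_EV_RECV:
      if (c->flags & MG_F_USER_1) {
        struct http_message reply;
        struct mg_str host, path;
        int n = mg_parse_http(c->recv_mbuf.buf, (int) c->recv_mbuf.len, &reply,
                              0 /* is_req */);
        if (n == 0) break;  // proxy reply headers not complete yet, keep waiting
        if (n < 0 || reply.resp_code != 200) {
          fprintf(stderr, "proxy refused CONNECT\n");
          c->flags |= MG_F_CLOSE_IMMEDIATELY;
          break;
        }
        // Drop the proxy's reply so it is not parsed as the origin's response.
        mbuf_remove(&c->recv_mbuf, (size_t) n);
        c->flags &= ~MG_F_USER_1;
        // … unchanged: mg_parse_uri for host/path, GET request, mg_set_protocol_http_websocket …
      }
      break;
```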
@@ -4534,6 +4537,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init( SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); + SSL_CTX_set_session_id_context(ctx->ssl_ctx, + (void *) mg_default_session_id_context, + strlen(mg_default_session_id_context)); #ifdef MG_SSL_OPENSSL_NO_COMPRESSION SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION); #endif @@ -4591,6 +4597,17 @@ static enum mg_ssl_if_result mg_ssl_if_ssl_err(struct mg_connection *nc, int res) { struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data; int err = SSL_get_error(ctx->ssl, res); + /* + * We've just fetched the last error from the queue. + * Now we need to clear the error queue. If we do not, then the following + * can happen (actually reported): + * - A new connection is accept()-ed with cert error (e.g. self-signed cert) + * - Since all accept()-ed connections share listener's context, + * - *ALL* SSL accepted connection report read error on the next poll cycle. + * Thus a single errored connection can close all the rest, unrelated ones. + * Clearing the error keeps the shared SSL_CTX in an OK state. + */ + ERR_clear_error(); if (err == SSL_ERROR_WANT_READ) return MG_SSL_WANT_READ; if (err == SSL_ERROR_WANT_WRITE) return MG_SSL_WANT_WRITE; DBG(("%p %p SSL error: %d %d", nc, ctx->ssl_ctx, res, err)); @@ -5865,7 +5882,7 @@ static void mg_http_free_proto_data_endpoints(struct mg_http_endpoint **ep) { current = tmp; } - ep = NULL; + *ep = NULL; } static void mg_http_free_reverse_proxy_data(struct mg_reverse_proxy_data *rpd) { @@ -7731,7 +7748,7 @@ static void mg_print_dir_entry(struct mg_connection *nc, const char *file_name, href = mg_url_encode(mg_mk_str(file_name)); mg_printf_http_chunk(nc, "%s%s" - "%s%s\n", + "%s%s", href.p, slash, path, slash, mod, is_dir ? -1 : fsize, size); free((void *) href.p); 
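Review bot: The result of `SSL_CTX_set_session_id_context()` in the `@@ -4534` hunk is discarded, and the `(void *)` cast strips `const` from an argument the API declares as `const unsigned char *`. Cast with `(const unsigned char *) mg_default_session_id_context`, pass the length as `(unsigned int) strlen(...)`, and treat a return value other than 1 as an initialisation failure through the function's existing error path, which lies outside the hunk. Since every context gets the same constant id, a short comment saying that the value is shared by all listeners on purpose would help the next reader. The identical call in the `@@ -75` hunk of src/mg_ssl_if_openssl.c needs the same change.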
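Review bot: In the `@@ -4591` hunk `ERR_clear_error()` runs before the `DBG` line, so on a real failure the OpenSSL error queue, which is where the reason for the failure is recorded, is emptied without being logged. Capture it first with `unsigned long e = ERR_peek_last_error();` and add `e` to the `DBG` output. The new comment attributes the stale error to the shared `SSL_CTX`, but OpenSSL keeps its error queue per thread, which is what lets one failed handshake leak into the next `SSL_get_error()` call on an unrelated connection; the comment should say that. OpenSSL's documentation for `SSL_get_error()` asks for an empty queue before the TLS I/O call, so clearing ahead of the read, write and handshake calls (outside this hunk) would be the more robust place. The same hunk appears in src/mg_ssl_if_openssl.c, and the function body continues past both hunks.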
@@ -7797,23 +7814,24 @@ static void mg_send_directory_listing(struct mg_connection *nc, const char *dir, mg_printf_http_chunk( nc, - "Index of %.*s%s%s" + "Index of %.*s%s%s" "\n" - "

Index of %.*s

\n" - "" - "\n" - "\n" - "", + "font-family: monospace; }" + "

Index of %.*s

Name" - "Modified" - "Size

" + "" + "" + "" + "" + "", (int) hm->uri.len, hm->uri.p, sort_js_code, sort_js_code2, (int) hm->uri.len, hm->uri.p); mg_scan_directory(nc, dir, opts, mg_print_dir_entry); mg_printf_http_chunk(nc, - "\n" - "
Name" + "ModifiedSize


\n" - "
%s
\n" + "" + "
" + "" + "
%s
" "", mg_version_header); mg_send_http_chunk(nc, "", 0); diff --git a/mongoose.h b/mongoose.h index f768c8d9..3d5d2cb5 100644 --- a/mongoose.h +++ b/mongoose.h @@ -23,7 +23,7 @@ #ifndef CS_MONGOOSE_SRC_COMMON_H_ #define CS_MONGOOSE_SRC_COMMON_H_ -#define MG_VERSION "6.17" +#define MG_VERSION "6.18" /* Local tweaks, applied before any of Mongoose's own headers. */ #ifdef MG_LOCALS @@ -228,7 +228,7 @@ #include #include -#if _MSC_VER < 1700 +#if defined(_MSC_VER) && (_MSC_VER < 1700) typedef int bool; #else #include diff --git a/src/common/platforms/platform_windows.h b/src/common/platforms/platform_windows.h index 3b300bd6..f2eb95ae 100644 --- a/src/common/platforms/platform_windows.h +++ b/src/common/platforms/platform_windows.h @@ -50,7 +50,7 @@ #include #include -#if _MSC_VER < 1700 +#if defined(_MSC_VER) && (_MSC_VER < 1700) typedef int bool; #else #include diff --git a/src/mg_http.c b/src/mg_http.c index 6d159192..70f13dc1 100644 --- a/src/mg_http.c +++ b/src/mg_http.c @@ -236,7 +236,7 @@ static void mg_http_free_proto_data_endpoints(struct mg_http_endpoint **ep) { current = tmp; } - ep = NULL; + *ep = NULL; } static void mg_http_free_reverse_proxy_data(struct mg_reverse_proxy_data *rpd) { @@ -2102,7 +2102,7 @@ static void mg_print_dir_entry(struct mg_connection *nc, const char *file_name, href = mg_url_encode(mg_mk_str(file_name)); mg_printf_http_chunk(nc, "%s%s" - "%s%s\n", + "%s%s", href.p, slash, path, slash, mod, is_dir ? -1 : fsize, size); free((void *) href.p); @@ -2168,23 +2168,24 @@ static void mg_send_directory_listing(struct mg_connection *nc, const char *dir, mg_printf_http_chunk( nc, - "Index of %.*s%s%s" + "Index of %.*s%s%s" "\n" - "

Index of %.*s

\n" - "" - "\n" - "\n" - "", + "font-family: monospace; }" + "

Index of %.*s

Name" - "Modified" - "Size

" + "" + "" + "" + "" + "", (int) hm->uri.len, hm->uri.p, sort_js_code, sort_js_code2, (int) hm->uri.len, hm->uri.p); mg_scan_directory(nc, dir, opts, mg_print_dir_entry); mg_printf_http_chunk(nc, - "\n" - "
Name" + "ModifiedSize


\n" - "
%s
\n" + "" + "
" + "" + "
%s
" "", mg_version_header); mg_send_http_chunk(nc, "", 0); diff --git a/src/mg_ssl_if_openssl.c b/src/mg_ssl_if_openssl.c index c29a5448..c2c9bc40 100644 --- a/src/mg_ssl_if_openssl.c +++ b/src/mg_ssl_if_openssl.c @@ -10,10 +10,13 @@ #endif #include +#include #ifndef KR_VERSION #include #endif +static const char *mg_default_session_id_context = "mongoose"; + struct mg_ssl_if_ctx { SSL *ssl; SSL_CTX *ssl_ctx; @@ -75,6 +78,9 @@ enum mg_ssl_if_result mg_ssl_if_conn_init( SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1); + SSL_CTX_set_session_id_context(ctx->ssl_ctx, + (void *) mg_default_session_id_context, + strlen(mg_default_session_id_context)); #ifdef MG_SSL_OPENSSL_NO_COMPRESSION SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION); #endif @@ -132,6 +138,17 @@ static enum mg_ssl_if_result mg_ssl_if_ssl_err(struct mg_connection *nc, int res) { struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data; int err = SSL_get_error(ctx->ssl, res); + /* + * We've just fetched the last error from the queue. + * Now we need to clear the error queue. If we do not, then the following + * can happen (actually reported): + * - A new connection is accept()-ed with cert error (e.g. self-signed cert) + * - Since all accept()-ed connections share listener's context, + * - *ALL* SSL accepted connection report read error on the next poll cycle. + * Thus a single errored connection can close all the rest, unrelated ones. + * Clearing the error keeps the shared SSL_CTX in an OK state. + */ + ERR_clear_error(); if (err == SSL_ERROR_WANT_READ) return MG_SSL_WANT_READ; if (err == SSL_ERROR_WANT_WRITE) return MG_SSL_WANT_WRITE; DBG(("%p %p SSL error: %d %d", nc, ctx->ssl_ctx, res, err)); diff --git a/test/ca.pem b/test/ca.pem index 88da4b5b..d3ce06a0 100644 --- a/test/ca.pem +++ b/test/ca.pem 
@@ -1,49 +1,43 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAv3/TSSi5hZDwMKG43eqe+GzR1lRMXVYt9I1Mr987v1DT99xR -Dcpfo/3aj6B/V/G67oPz+zbVZN/ZPvvA1Z82T7ixcBFsGIXgEWzxUm1UCUf51ftl -MlOaf24cdyegi0y8hRdkWLoC7w0vuMfrgR6cmpbI2LSDSMaXXX2qDoofQsFUYaJN -Nn3uqRK0ixs/jzbzbAT9q2BWYwySUX4VEgADpmi0FyANDjEhmdktxQW9l6IGGzF8 -M9mA053hIgZwo+9qf9X3nfNUTWMvisMQtxm0mRYgvD53Oix08VLs6bodNTVOLQoc -H0uH3CTs+H3Z0CkcZaAJe/kwCLFhls9ee3M0nQIDAQABAoIBAQCsADPWUi3QOg6C -n79cE5AVsigHSlAMxYshTIjErs0LWZ4J0mk66bpdoXTd7Fp0szojYYGS8f1ZTXXj -jFv3g7lUgZ9d+UgN/rDy9dcLIgeJDozoFZUfTthF/LC0lXMtqw7ou8n1p51a+Y0T -ev2cS9J9R1G+0uPYSgdKgcRsqsLJQS4fu5CAk9d0aeTTl009uxcn9yfTUjwOaR5J -PuNmunAEvhE/DGSkt5oNXo7t8Q2L3mYSM0MwKdDFqoQdZAV6TMTv22Mjb6SxOOnJ -r5gNK2BmM6oNPWvzY0PoI0LcLgFNDWIMqIq4mg73MdzszakaNRDlOYtLAuKbTF3Q -SDq8OkZBAoGBAOn6B5jBxSa+5GcIIeGqtiRhDMExyblt3Gk2gaw6UIZpvVDXPWWm -r0tkGJrYecmqesN7DGmmdkyx8KONF+yzYLxSsIEGNesvVYe6PXTDZYYI57As4Z4W -DFlCDt2FaKuMXxyOlUCiXg94z8IJBJ2ldCmmG34gBSvuFe6V5x4XE3crAoGBANGG -P7AWw6uygfjog6B2dFT6n+9UhpyJlqwfPi5eD9V5JXtWlH6xWi3dRfuYAIafg95I -W8/OZGHrj44gNCgYjvZHud+H3NPJPZ7lftoay5KeShBAa/pCd67OMxp1SvvONYcp -7TSwm5s+hOJvQOpw2wg0cXnfrxGKpGLOFaRddp9XAoGAFdeXefUs2G8dl1i1AQIU -utSsgiSJtlvBJblG5bMT7VhVqgRN4P1sg9c2TM5EoETf7PvBruMxS/uYgUwcnaYp -M6tser7/rZLfoyoJrqrHAXo3VsT50u4v/O0jwh5AJTOXdW0CFeSSb1NR4cVBvw3B -CFpPWrjWgsFZHsqzpqV01b0CgYEAkDft4pDowmgumlvBLlQaotuX9q6hsWHrOjKP -JG9OSswGhq0DrWj5/5PNNe5cfk2SARChUZpo8hWoTFXSUL8GuHKKeFgWIhjkt1iU -RiAne5ZEuIb/S9UweDwqZM3TfRtlMNIlGh1uHh+cbBfUAQsJWM5wRUk4QcTCfdgI -gYhrvCUCgYBB6u8Q49RjrTBxWK8bcZOjVhYNrd3xrCunFVMt2QAXGGrRaXpqUMnp -xNUmGe9vGux+s0TRguZcLEX3vX+wFyBfFKwZY9hSU7PFY/da8echpu37JasKvAov -5+5XWI5RgF+SFVk+Q7St2BlSJa/vBAH8vtrX9Dt/hN/VSo2mAPAyMQ== ------END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:2a:0e:3c:6a:8c:85:ff:6e:6a:bc:db:95:51:70:ce:b4:30:78:c7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root + Validity + Not Before: May 9 21:51:44 2020 GMT + Not 
After : May 9 21:51:44 2050 GMT + Subject: C = IE, L = Dublin, O = Cesanta, CN = Test Root + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:2c:ab:d1:02:66:24:96:d7:12:3e:09:50:4f:f1: + 50:ee:51:e8:55:03:5e:ba:b1:1d:98:b2:72:79:27: + a8:1b:31:0d:5d:50:21:ff:42:f2:da:74:17:5e:53: + b2:65:41:c1:fc:84:de:4a:11:b9:8c:f4:19:d9:c4: + ca:2b:ea:eb:2c + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:9c:71:6c:00:8c:06:41:0c:91:2f:cd:41:d3: + 87:47:e9:df:3a:22:ad:25:7c:bf:0e:2b:39:dd:7a:0c:4e:68: + 1d:02:21:00:8f:c1:22:30:10:61:5d:51:10:ea:08:2d:02:63: + 67:67:32:b5:06:63:96:57:bb:78:47:0a:88:d9:19:2e:f3:be -----BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIJAIOEuwkahzkOMA0GCSqGSIb3DQEBBQUAMDgxCzAJBgNV -BAMTAm5zMQswCQYDVQQKEwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkR1Ymxp -bjAeFw0xNDA4MzAxOTA3NDNaFw0yNDA4MjcxOTA3NDNaMDgxCzAJBgNVBAMTAm5z -MQswCQYDVQQKEwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkR1YmxpbjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9/00kouYWQ8DChuN3qnvhs0dZU -TF1WLfSNTK/fO79Q0/fcUQ3KX6P92o+gf1fxuu6D8/s21WTf2T77wNWfNk+4sXAR -bBiF4BFs8VJtVAlH+dX7ZTJTmn9uHHcnoItMvIUXZFi6Au8NL7jH64EenJqWyNi0 -g0jGl119qg6KH0LBVGGiTTZ97qkStIsbP48282wE/atgVmMMklF+FRIAA6ZotBcg -DQ4xIZnZLcUFvZeiBhsxfDPZgNOd4SIGcKPvan/V953zVE1jL4rDELcZtJkWILw+ -dzosdPFS7Om6HTU1Ti0KHB9Lh9wk7Ph92dApHGWgCXv5MAixYZbPXntzNJ0CAwEA -AaOBmjCBlzAdBgNVHQ4EFgQUsz/nOHpjMkV8pk9dFpy41batoTcwaAYDVR0jBGEw -X4AUsz/nOHpjMkV8pk9dFpy41batoTehPKQ6MDgxCzAJBgNVBAMTAm5zMQswCQYD -VQQKEwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkR1YmxpboIJAIOEuwkahzkO -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEDOtAl7bgAXgcL3HRlV -H71tkUaok589PIqsTE4d8s8tFBZ92CyWD8ZPU46HbbyJXMFoFxiN7PvCzOBlgoZM -r80HJWZc9tSlqK0NIbIyk1aeM06+F8qB+8/vw/spIkdYzDv3avwyOrc6fFnEzbwz 
-5BFFrF2G9JajRKAP5snAV9iM8I2TD4l+w75MXXl7/DBEohdMBsTeDrrXj4q4sgoB -L/yLeCoK6inkMTU5DwcGbiqvNnZA+9T654qlAlKjPMObGGPphK5/QKcOnV7Qtdju -DHzDsDimdVbz9G1cxXs/AI/35GD7IDTdNTtmBhkf4/tsQ7Ua80xpIowb1fFUHmo1 -UAo= +MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw +RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50 +YTESMBAGA1UEAwwJVGVzdCBSb290MCAXDTIwMDUwOTIxNTE0NFoYDzIwNTAwNTA5 +MjE1MTQ0WjBEMQswCQYDVQQGEwJJRTEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQK +DAdDZXNhbnRhMRIwEAYDVQQDDAlUZXN0IFJvb3QwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAAQsq9ECZiSW1xI+CVBP8VDuUehVA166sR2YsnJ5J6gbMQ1dUCH/QvLa +dBdeU7JlQcH8hN5KEbmM9BnZxMor6ussox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBrjAKBggqhkjOPQQDAgNJADBGAiEAnHFsAIwGQQyRL81B04dH6d86Iq0l +fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg== -----END CERTIFICATE----- diff --git a/test/client.pem b/test/client.pem index f0a7885e..80352505 100644 --- a/test/client.pem +++ b/test/client.pem 
@@ -1,45 +1,50 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAwV5xaK7ez2/TX7vSgJ0a3YbZj2l1VQ2rMzqO1Id01xlWbF/U -rebwhAdVtWcT9R6RaBTPDGaILkV38u77M2BxIHX4MSnR6WezoA2bGMgvt3+tq2N6 -q+xkj57vwBEqedBjscVtFkoWtsX8pKwtNlMB1NvTa8p5+BNsvpvzaDX+51+FotId -wvieQfQYgFg36HpOtOyyIV31rZ/5+qtoce8gU6wApHxmovTnQPoduNM6fOUJCHDd -Lz90EeBREtoTVgoWcKvQoCEwJQSBmeDZgkA8Q1OYmbYoS12tIyi8rTkseRj5BvPH -iXfNmHFKliAjvlsml5qI44I9DoagPubTf6qR5wIDAQABAoIBACZ6VZTgH0Ql22jU -ZhnjqUHloIsyEAABvUxvXZaa8bwPtavREfAc4UVUdFCpl0YSdBrC8URlbrnOZwT3 -WxMpILm139JgoP2R/iNeMbunsh8QkA1nuTRW0NfnZ4vPnqUou33XbFKgIY7zLMfT -3xdNQzMJHzP20Xh03RG81J2rCPMfLScTRo2XxcSxmhhS/p2WLk6pnmMHiNgYGGwX -gcdK5lIVjMMNxgcltC30x90v0o0GDRM8/+wua+/vfn8rr3iudv9IHzL8xIzpi6NY -CXJ8Kxd6Jtgsr3Boj5i6Mqi3Q/Trxt+rIA4bKAFXxwcp4+GmRIJtQFFiTWXpLCPC -tLT4CHECgYEA7iCbrGjWHJ4QsUWUGrGlw1/sQ0SIv9BdZm8RydHzpRVtQOi+YOuU -i6raVaXWzUBKgKcs/htVjAMTiePs/yhlU/MGXivz6uTX/nrD7ISJImmK2K50hgUe -+UBnFKmBMVaNxD9RFWPJkfmNXfW7nBkqSa9CxlBcYPuOcPtZDqRl+gkCgYEAz+HX -8wh3SHKb1cAI+o4caclpUTpGa9/zW4k+7gOh72WCKaqxTNvBvNyZGdXc9t5ToDSf -xxsDXWG10lcHBIGLj4QBEoSWp9I43lid5swY3mCo7CjTl+1l03IfDNaC6CYQFp5p -ZnKlsQUwR38t/uiyZpnnicCAZjqIfJbeQ5jD6G8CgYB8ufmwQa08ihJmN/KOVNRl -VF31EfWquqHhYHXpxx2eL23tXLszGtHQoioASIANPAqJ/oaTho+1aXsXc5oUP/1r -DlUciFsXgswb0APFY9pMewmt2xrPg+koVvJnIS25QQO6cguvb3gKDLNeLrMY3RmI -RNNt+nOYnMqMJSsNf1CmuQKBgQCiCZxWaCbyZcNqncFh7BvhqYlaM15o/6ulkhln -VZWIEUugRtjk2/bry9fa94TBORNeMSbKABhjVaJwTj2+GWw7dd2QHaGBNq/1QIX0 -POq1jAqf6kLkjbttUes6CosHgYPQ3bGylXLpxO2ZDV1A8Qj+SMDd8xsilEWHN+IQ -NqeeKQKBgQDe4c7VVG+WvRRKshTh8+tjzc9nXKE2AWgwnw729SMFZO/WqX2FPp2C -7C99XJTVBsCBy8VzuyaojeTKkag0YL3v6UTZYUeyu0YTHGQ33WVPaqdCAo840nmG -ttwHVqshB9c67HHiYOOFt1VmT3xW6x6yympUyRqR0L+BZ1wOS3h2vQ== ------END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:d8:95:71:ba:5f:70:c8:4d:6a:e8:a6:0f:aa:40:d5:fc:d9:bc:6e + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root + Validity + Not Before: May 9 21:51:52 2020 GMT + Not 
After : May 9 21:51:52 2030 GMT + Subject: CN = client + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:e2:2e:72:7b:b6:2d:a3:d3:3b:0e:b1:4e:8a:09: + 19:66:ff:d6:0e:d4:3f:47:8c:20:ab:06:db:25:77: + 8b:2a:ac:fa:a4:e2:f8:97:ba:10:c5:fa:5d:0b:ee: + 28:16:56:78:0f:30:17:2b:6b:04:6c:dc:c8:f8:12: + 23:d3:2f:01:58 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:de:e5:30:ae:50:e9:a7:14:a0:c3:79:29:df: + bf:d3:a3:f8:19:b0:19:b5:ab:3e:6e:c9:29:18:86:ff:fe:a7: + b0:02:21:00:f5:ba:90:d6:1c:fe:ff:05:44:9a:b1:20:2c:ee: + 00:68:20:85:f7:0f:86:a2:13:1e:86:9a:03:6d:74:aa:72:c2 -----BEGIN CERTIFICATE----- -MIIC6DCCAdACBRQJQlZlMA0GCSqGSIb3DQEBBQUAMDgxCzAJBgNVBAMTAm5zMQsw -CQYDVQQKEwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkR1YmxpbjAeFw0xNDA4 -MzAxOTA3NDRaFw0yNDA4MjcxOTA3NDRaMDgxCzAJBgNVBAMTAm5zMQswCQYDVQQK -EwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkdhbHdheTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMFecWiu3s9v01+70oCdGt2G2Y9pdVUNqzM6jtSH -dNcZVmxf1K3m8IQHVbVnE/UekWgUzwxmiC5Fd/Lu+zNgcSB1+DEp0elns6ANmxjI -L7d/ratjeqvsZI+e78ARKnnQY7HFbRZKFrbF/KSsLTZTAdTb02vKefgTbL6b82g1 -/udfhaLSHcL4nkH0GIBYN+h6TrTssiFd9a2f+fqraHHvIFOsAKR8ZqL050D6HbjT -OnzlCQhw3S8/dBHgURLaE1YKFnCr0KAhMCUEgZng2YJAPENTmJm2KEtdrSMovK05 -LHkY+Qbzx4l3zZhxSpYgI75bJpeaiOOCPQ6GoD7m03+qkecCAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAJ+wZ/IgAF5LIu0yOfJlaFRJLunKHZENigiVjYvkTdM7NI3O2 -1AZGY4O8H5Fs3YT5ZY3vas/n6IwWTk3o/JSPXojMFo82XkbI1k2cm3oLtwgEGN3p -s5yFsjZE3H7fQJ9wHIzESBPHFY6dwwgMsNENuAM2zkwFpbAkisKhjK+EyUCXauok -7zJY6RVPMaNojsje4iE/SBtSOnK/9WDBAgpCznHrSChJmKs4FsU7ZTO+Dg+0vQln -l8/yBcEGAFe0GA2D9NvZKH5IoNmitvtU9zdNDK4dzC3Q+C28IjW5jE8peDFtdGs1 -P0u4kRxmb4UH1DchgoWlZjL2lSFScJ7L4xY2aQ== +MIIBhzCCASygAwIBAgIUA9iVcbpfcMhNauimD6pA1fzZvG4wCgYIKoZIzj0EAwIw 
+RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50 +YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE1MloXDTMwMDUwOTIx +NTE1MlowETEPMA0GA1UEAwwGY2xpZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAE4i5ye7Yto9M7DrFOigkZZv/WDtQ/R4wgqwbbJXeLKqz6pOL4l7oQxfpdC+4o +FlZ4DzAXK2sEbNzI+BIj0y8BWKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSQAwRgIhAN7lMK5Q6acU +oMN5Kd+/06P4GbAZtas+bskpGIb//qewAiEA9bqQ1hz+/wVEmrEgLO4AaCCF9w+G +ohMehpoDbXSqcsI= -----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgk5sv3YwDGTm29Czy +UWuKlbfbvZqZv1fFRBOn2S0D7SuhRANCAATiLnJ7ti2j0zsOsU6KCRlm/9YO1D9H +jCCrBtsld4sqrPqk4viXuhDF+l0L7igWVngPMBcrawRs3Mj4EiPTLwFY +-----END PRIVATE KEY----- diff --git a/test/server.pem b/test/server.pem index 5ae2c837..2f628cc7 100644 --- a/test/server.pem +++ b/test/server.pem 
@@ -1,45 +1,50 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA1mONQ0hAXOL9lb15Pz4fqXXNHREsF3a7/NoMJdQDclx0+a32 -MhuHcO6R7Fhsc0mZMuzbmAFLMmIIgXPMKQBZLoA12yCBlZPyKFoWUhFrLa3gUjO6 -CZlBKqkUVEACpVrQ41ihapeeUHa0uryt3tXwMn2/853yzi1uciGYi4ULTy3yTE/n -qRIVJLiBDSC9WNFLg26f/W4YRW7tANOk2b/W/Ws9B/n7vNDgHG7Lpd38YTpFhhXT -n3xlt/VcczkQhW79Moh6/lY6sLg6H15EjHKHeTn8t9BRm+qYi/CvC258YF/Qz/qK -agSsLT/3FrQ6+aQgg/Eyao0IWAql49PQNxuwPQIDAQABAoIBAQC5y3S1BnyhAyb5 -Ckd1g4U0+x5TPnqTqxanvuAgOGj0RyQo7ZYbPrhWKqrTxJ3YG8Rk2dhFF3nvo/3z -EkOwlNi07++8g6NJ2flW9xu469eSsslg8+saPnK3Yeh4SzD/1ICLRlg9ZECTQwzF -eJbGM2oCl/AuVIgEHmNFDdCBuT9f0b7j3/Z3aK3lKzqzBYQgZ5fd8UxT+Kn4oAuS -cLr3lQT1s6xZOAYn7O2GvXEC+yMMbvm0a97MdwSpQez1WcE9YxtCgAWwn5EmSXlh -296iLtbaM1wgYOykJUOUoSgijf8pUfotk4Zj/y1KPHXePgAlyGCtE1zasiYb5K+5 -LuajD++BAoGBAPpKWLNzQBwQLiFaJgt6bLOxlEUR+EnjdFePDPJtyCCCiKJiKO5c -Z5s/FT1JDQawouhjQwYqT48hbGBPjWRHkSkzB7+cg6FVSKkQRYX2TsSFvN+KCu32 -oSgDV9cFo68v1csoZIQ41TtHC82db4OTv9MPUe3Glujnep1TOTwspAM1AoGBANtH -i+HWKOxOm7f/R2VX1ys9UjkAK+msac512XWSLAzBs7NFnB7iJ7m3Bh3ydb1ZiTgW -l6bIdoT8TLPYNIXJ6uohhxPU5h3v81PHqIuJMBtmHCQjq3nxeH9mOsfjOFvS1cQa -At45F9pK/5sQpOkkaBGSv8jXUFIKBEDBErourVHpAoGAK0gSAK4sZu3xXDkfnRqF -k6lgr3UFD5nys3V8UqvjUKPiBtqco2N9Ux5ciOWKCB8hfLg1jephKaoo+JqpI68w -jgRSEbN6G7sIvpueuiS2yEssNyfC7hWZFrdFSFykSpYmDWSlxSuizAZkJyFTeFhj -cpcSnuCZlhr5XB1ZJ2u8zQUCgYEAke5QgpCDFZjO+ynR+vj1gppBwRuDHfUXSUaW -3S7VT/wNOq6F0uvRYkASuxVkFAqlToWCkYVxktlRtpKZibwyMXT0r1cNejj5Z/VF -Du/S6zkOW2K9uN7hwW9oiSSHmlx61RI2fGvkmus0pp7yERKgi6ltJx1cH+z4nZug -efWcdRkCgYBy+XdmsxgNZOunlSC6VZiD0Ve/VFrCtKPWUivKDAZZPKl0T/1tbTwb -I/N4zTF82jx88rDz+6jN5nOy9qbSR5TeCy6WlBesTvXm49awr5jSK3WkcLgmO+JI -Zr2ozCBhUG6RvVsUPp2kXEsmwZMV/e9faFAlIXeJhKum6hZmfOgodg== ------END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:73:28:55:df:13:b5:61:f5:4f:4f:5d:00:d9:0a:d8:b5:3a:21:4b + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root + Validity + Not Before: May 9 21:51:49 2020 GMT + Not 
After : May 9 21:51:49 2030 GMT + Subject: CN = server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:92:e0:46:9c:89:c3:37:a9:74:eb:35:55:43:55: + 5c:ac:eb:c7:e4:50:ee:f4:c0:ba:17:02:5c:d9:ed: + b4:d4:ff:21:12:9a:b4:43:f4:89:4b:69:e4:6d:2b: + 96:1f:fc:01:4d:30:5a:79:73:76:ba:19:41:cc:c5: + 16:2b:bf:74:28 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:fa:3a:c7:1e:cb:8c:27:59:41:8d:77:dd:7b: + cb:8c:08:15:16:b9:6e:70:e6:47:38:d1:55:42:e0:d7:66:c8: + f0:02:21:00:cc:70:4d:96:28:00:d3:c7:39:53:74:b2:49:87: + 27:92:1b:ab:1a:0e:74:06:59:42:23:47:98:43:d8:20:a7:fa -----BEGIN CERTIFICATE----- -MIIC6DCCAdACBRQJQlZkMA0GCSqGSIb3DQEBBQUAMDgxCzAJBgNVBAMTAm5zMQsw -CQYDVQQKEwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkR1YmxpbjAeFw0xNDA4 -MzAxOTA3NDNaFw0yNDA4MjcxOTA3NDNaMDgxCzAJBgNVBAMTAm5zMQswCQYDVQQK -EwJuczELMAkGA1UEBhMCSUUxDzANBgNVBAcTBkdhbHdheTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBANZjjUNIQFzi/ZW9eT8+H6l1zR0RLBd2u/zaDCXU -A3JcdPmt9jIbh3DukexYbHNJmTLs25gBSzJiCIFzzCkAWS6ANdsggZWT8ihaFlIR -ay2t4FIzugmZQSqpFFRAAqVa0ONYoWqXnlB2tLq8rd7V8DJ9v/Od8s4tbnIhmIuF -C08t8kxP56kSFSS4gQ0gvVjRS4Nun/1uGEVu7QDTpNm/1v1rPQf5+7zQ4Bxuy6Xd -/GE6RYYV0598Zbf1XHM5EIVu/TKIev5WOrC4Oh9eRIxyh3k5/LfQUZvqmIvwrwtu -fGBf0M/6imoErC0/9xa0OvmkIIPxMmqNCFgKpePT0DcbsD0CAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAoVXK97WA24tp3JyPBJKr28gFSUtOBNDPdY8atWaqw7PwUIIM -qhs3BTag96tgSoaISRwRphz2LM1Cl+QlItYXySAnxPKrUsA0S6DlxnA6Hq3s2wTR -6yIT7oDUDKcWkVQcQmuNGdfxCvZXkCih9lnQn++xHcuVn9mZmjXW2xk42ljDTZCp -CM29betpcmuho6sFXsBhY7WjQWg7UpRZat0bOwleS4fsePebMKrnr/6cq4bVw59U -XvhSFBlLoGMYteJ82fOYH6pUO1hiPr6ww5d819LPcJEcRpcxCdQZqIq680Kp7+GY -0wkyOYr0gkNwWVP7IUZ0FExaQ/s54g71Kd0OgA== +MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw 
+RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50 +YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE0OVoXDTMwMDUwOTIx +NTE0OVowETEPMA0GA1UEAwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEkuBGnInDN6l06zVVQ1VcrOvH5FDu9MC6FwJc2e201P8hEpq0Q/SJS2nkbSuW +H/wBTTBaeXN2uhlBzMUWK790KKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw +EwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAwRgIhAPo6xx7LjCdZ +QY133XvLjAgVFrlucOZHONFVQuDXZsjwAiEAzHBNligA08c5U3SySYcnkhurGg50 +BllCI0eYQ9ggp/o= -----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w +kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70 +wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo +-----END PRIVATE KEY----- diff --git a/tools/amalgam.py b/tools/amalgam.py index 3d40d4b2..0c931d8e 100755 --- a/tools/amalgam.py +++ b/tools/amalgam.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # # Generate a reversible amalgamation of several C source files # along with their required internal headers. @@ -32,10 +32,10 @@ # import argparse +import io import re import sys import os -from StringIO import StringIO parser = argparse.ArgumentParser(description='Produce an amalgamated source') parser.add_argument('--prefix', default="NS", @@ -65,11 +65,11 @@ class File(object): def __init__(self, name, parent_name): self.name = name self.parent_name = parent_name - self.buf = StringIO() + self.buf = io.StringIO() emit_file(self.buf, self.name, self.parent_name) def emit(self): - print self.buf.getvalue(), + print('%s' % self.buf.getvalue(), end='') args = parser.parse_args() 
@@ -104,21 +104,20 @@ def resolve(path, parent_name): break if os.path.exists(p) and not args.norel: p = os.path.realpath(p).replace('%s%s' % (os.getcwd(), os.sep), '') - # print >>sys.stderr, '%s %s -> %s (cwd %s)' % (path, parent_name, p, os.getcwd()) return p.replace(os.sep, '/') def emit_line_directive(out, name, parent_name): - print >>out, '''#ifdef %(prefix)s_MODULE_LINES + print ('''#ifdef %(prefix)s_MODULE_LINES #line 1 "%(name)s" #endif''' % dict( prefix = args.prefix, name = resolve(name, parent_name), -) +), file=out) def emit_body(out, name, parent_name): resolved_name = resolve(name, parent_name) if not args.strict and not os.path.exists(resolved_name): - print >>out, '#include "%s"' % (name,) + print('#include "%s"' % name, file=out) return with open(resolved_name) as f: @@ -130,7 +129,7 @@ def emit_body(out, name, parent_name): if re.match('\s*\*/$', l): in_comment = False if not re.match('.*Copyright.*Cesanta', comment, re.M | re.S): - print >>out, comment, + out.write(comment) continue if re.match('/\*$', l): @@ -145,9 +144,9 @@ def emit_body(out, name, parent_name): if not should_ignore(path_to_include, parent_name): already_included.add(path_to_include) includes.append(File(path_to_include, resolved_name)) - print >>out, '/* Amalgamated: %s */' % (all,) + print('/* Amalgamated: %s */' % all, file=out) else: - print >>out, l, + out.write(l) def emit_file(out, name, parent_name): @@ -174,17 +173,17 @@ if sys.platform == "win32": if args.license: with open(args.license) as f: - print f.read() + print(f.read()) if args.public: - print '#include "%s"' % (args.public) + print('#include "%s"' % args.public) for i in includes: i.emit() if args.export: - print '#ifndef %s_EXPORT_INTERNAL_HEADERS' % (args.prefix,) + print('#ifndef %s_EXPORT_INTERNAL_HEADERS' % (args.prefix,)) for i in sources: i.emit() if args.export: - print '#endif /* %s_EXPORT_INTERNAL_HEADERS */' % (args.prefix,) + print('#endif /* %s_EXPORT_INTERNAL_HEADERS */' % (args.prefix,))
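Review bot: After the move to Python 3, `open(resolved_name)` at the end of the `@@ -104` hunk decodes each source file with the build host's locale encoding, so the amalgamated output can differ between machines or stop on a non-ASCII byte. Pass the encoding explicitly: `with open(resolved_name, encoding='utf-8') as f:`. The patterns in the following hunks (`'\s*\*/$'`, `'/\*$'`) are non-raw strings containing escapes that Python 3 warns about; write them as raw strings, e.g. `re.match(r'\s*\*/$', l)`. `emit_body` continues outside this hunk.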