diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 8c92faf64..34daaa131 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -287,7 +287,8 @@
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS
 * (NOT YET IMPLEMENTED)
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -307,7 +308,8 @@
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -332,8 +334,8 @@
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- * POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -354,8 +356,8 @@
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- * POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -377,7 +379,8 @@
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ * POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -1636,31 +1639,34 @@
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
 ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
 ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
 ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
 ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
- !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
 #endif
 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
 ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
- !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
 #endif
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index fa313f41f..d9e98a431 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
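Review bot: The `#error` messages in the config.h prerequisite block (hunk -1636) still say only "not all prerequisites", so a configuration that built before this commit with certificate parsing on and CRL parsing off now fails without naming the new requirement or the reason for it. I would add a comment above the five checks, for example `/* X509_CRL_PARSE_C is required because ssl_set_ca_chain() takes an x509_crl argument */`. The same comment should say that this is a build dependency only: as far as this diff shows, whether a CRL is actually consulted still depends on what the application passes as `ca_crl`.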
@@ -954,6 +954,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
 int major, int minor );
 #if defined(POLARSSL_X509_CRT_PARSE_C)
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief Set the data required to verify peer certificate
 *
@@ -964,6 +965,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
 */
 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, x509_crl *ca_crl, const char *peer_cn );
+#endif /* POLARSSL_X509_CRL_PARSE_C */
 /**
 * \brief Set own certificate chain and private key
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index f5703beb0..dab1296ca 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -198,6 +198,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
 int x509_crt_info( char *buf, size_t size, const char *prefix, const x509_crt *crt );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief Verify the certificate signature
 *
@@ -241,7 +242,6 @@ int x509_crt_verify( x509_crt *crt, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy );
-#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief Verify the certificate signature
 *
diff --git a/library/pkparse.c b/library/pkparse.c
index 9160e8577..2ecf143b7 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -745,7 +745,10 @@ static int pk_parse_key_pkcs8_encrypted_der(
 }
 else
 #endif /* POLARSSL_PKCS5_C */
+ {
+ ((void) pwd);
 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+ }
 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
 }
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b134b9217..80bef3511 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
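Review bot: Neither doc comment says that the function it describes is now compiled out without CRL support: the new `#if defined(POLARSSL_X509_CRL_PARSE_C)` in ssl.h hides `ssl_set_ca_chain()`, and the x509_crt.h hunk at -198 does the same to `x509_crt_verify()`. A build that parses certificates but not CRLs can still load a certificate, yet has no declared way to set trust anchors or verify a chain, and an integrator may only notice this as a missing symbol. I would add to both doc comments a line such as `\note Only available when POLARSSL_X509_CRL_PARSE_C is defined.` The matching definitions in the library sources are not in this diff and presumably need the same guard. The `#endif` closing the x509_crt.h guard is outside both of its hunks.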
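Review bot: In library/pkparse.c the added `((void) pwd);` carries no comment, and it presumably exists only to silence an unused-parameter warning when the decryption branches above are compiled out. A short comment such as `/* pwd is only read by the branches compiled out above */` would keep it from being removed later as dead code. The `if` that this `else` belongs to and the start of pk_parse_key_pkcs8_encrypted_der are outside the hunk, so I could not check whether any other parameter needs the same treatment.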
@@ -740,13 +740,15 @@ static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,
 static int ssl_parse_server_hello( ssl_context *ssl )
 {
- uint32_t t;
 int ret, i, comp;
 size_t n;
 size_t ext_len = 0;
 unsigned char *buf, *ext;
 int renegotiation_info_seen = 0;
 int handshake_failure = 0;
+#if defined(POLARSSL_DEBUG_C)
+ uint32_t t;
+#endif
 SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
@@ -807,13 +809,13 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 | ( (uint32_t) buf[7] << 16 )
 | ( (uint32_t) buf[8] << 8 )
 | ( (uint32_t) buf[9] );
+ SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
 #endif
 memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
 n = buf[38];
- SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
 SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
 if( n > 32 )
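Review bot: The declaration of `t` is now guarded by `POLARSSL_DEBUG_C`, but the `#if` that encloses its assignment opens above the second hunk (-807) and is not visible here. If that condition tests anything other than `POLARSSL_DEBUG_C`, a build with one macro set and not the other fails on an undeclared `t`. Please confirm that the two guards test the same macro, and consider writing the new closing line as `#endif /* POLARSSL_DEBUG_C */` so the pairing is obvious. ssl_parse_server_hello continues outside the hunk.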
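Review bot: The moved `SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );` still formats a `uint32_t` with `%lu`. Assuming SSL_DEBUG_MSG forwards to a printf-style formatter, the argument does not match the conversion on platforms where `unsigned long` is wider than 32 bits. Since the line is being touched anyway, cast at the call: `SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", (unsigned long) t ) );`. The enclosing `#if` starts above the hunk.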