diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index e2e9f7715..d3c92a07d 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -30,10 +30,14 @@ extern "C" {
 #endif
-/* Concatenation of all available CA certificates */
+/* Concatenation of all CA certificates in PEM format if available */
 extern const char test_ca_list[];
 extern const size_t test_ca_list_len;
+/* List of all CA certificates, terminated by NULL */
+extern const char * test_cas[];
+extern const size_t test_cas_len[];
+
 /*
 * Convenience for users who just want a certificate:
 * RSA by default, or ECDSA if RSA is not available
diff --git a/library/certs.c b/library/certs.c
index f0435e13e..8da552f39 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -305,6 +305,26 @@ const size_t test_dhm_params_len = sizeof( test_dhm_params );
 const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
 const size_t test_ca_list_len = sizeof( test_ca_list );
+/* List of all available CA certificates */
+const char * test_cas[] = {
+#if defined(POLARSSL_RSA_C)
+ test_ca_crt_rsa,
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ test_ca_crt_ec,
+#endif
+ NULL
+};
+const size_t test_cas_len[] = {
+#if defined(POLARSSL_RSA_C)
+ test_ca_crt_rsa_len,
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ test_ca_crt_ec_len,
+#endif
+ 0
+};
+
 #if defined(POLARSSL_RSA_C)
 const char *test_ca_crt = test_ca_crt_rsa;
 const char *test_ca_key = test_ca_key_rsa;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5088cc647..93ab15bd9 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -946,8 +946,14 @@ int main( int argc, char *argv[] )
 else
 #endif
 #if defined(POLARSSL_CERTS_C)
- ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ for( i = 0; test_cas[i] != NULL; i++ )
+ {
+ ret = x509_crt_parse( &cacert,
+ (const unsigned char *) test_cas[i],
+ test_cas_len[i] );
+ if( ret != 0 )
+ break;
+ }
 #else
 {
 ret = 1;
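Review bot: The new comment above `test_cas` documents only the NULL terminator and leaves the contract of `test_cas_len` unstated: that it is indexed in lockstep with `test_cas`, that its last entry is 0, and whether each length counts the string's terminating NUL. The reworded `test_ca_list` comment suggests entries may not always be PEM, in which case the parser depends on the length alone, so the comment should spell this out, e.g. `/* NULL-terminated list of test CA certificates; test_cas_len[i] is the buffer size of test_cas[i] (say whether the trailing NUL is counted), last entry 0 */`. A sentence noting that these are test-only trust anchors, since the matching `test_ca_key` ships in library/certs.c, would help keep them out of production trust stores.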
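Review bot: `test_cas` and `test_cas_len` are two separate arrays kept in step only by duplicated `#if` ladders, so a later edit to one ladder would pair a certificate with another entry's length without any compiler diagnostic, and the parser would then be handed a wrong buffer size. The pointer array is also writable as declared; `const char * const test_cas[] = {` (with the matching `extern` in certs.h) would stop any code from repointing a trust anchor at run time. A single table of certificate/length pairs, or a compile-time check that both arrays have the same element count, would remove the drift risk.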
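Review bot: When neither POLARSSL_RSA_C nor POLARSSL_ECDSA_C is defined, `test_cas[0]` is NULL and the loop body never runs, so `ret` keeps whatever value it had before this branch and an empty trust store can pass as a successful load; assign `ret` before the `for` and treat `test_cas[0] == NULL` as a failure after it. The `if( ret != 0 ) break;` test also stops on a positive return, which x509_crt_parse uses to report certificates it could not parse, so one unsupported CA now drops every CA after it, whereas the single call on the concatenated list would presumably have tried them all; `if( ret < 0 ) break;` keeps hard errors fatal without shrinking the list. The same loop is added in programs/ssl/ssl_server2.c. main() starts and ends outside the hunk, including the declaration of `i` and the later check of `ret`.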
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 0afe42b79..8a3010fbd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1327,8 +1327,14 @@ int main( int argc, char *argv[] )
 else
 #endif
 #if defined(POLARSSL_CERTS_C)
- ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ for( i = 0; test_cas[i] != NULL; i++ )
+ {
+ ret = x509_crt_parse( &cacert,
+ (const unsigned char *) test_cas[i],
+ test_cas_len[i] );
+ if( ret != 0 )
+ break;
+ }
 #else
 {
 ret = 1;