diff --git a/ChangeLog b/ChangeLog
index ef2e7b73f..36e63930e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.16.X branch released XXXX-XX-XX
+
+Bugfix
+   * Allow loading symlinked certificates. Fixes #3005. Reported and fixed
+     by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
+
 = mbed TLS 2.16.5 branch released xxxx-xx-xx
 
 Security
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9c2e36547..a4202be37 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1366,7 +1366,7 @@ cleanup:
             goto cleanup;
         }
 
-        if( !S_ISREG( sb.st_mode ) )
+        if( !( S_ISREG( sb.st_mode ) || S_ISLNK( sb.st_mode ) ) )
             continue;
 
         // Ignore parse errors