diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 38ad2fd56..607a8d2b7 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -11,7 +11,7 @@
 
 #ifdef MBEDTLS_SSL_CLI_C
 static bool initialized = 0;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 static mbedtls_x509_crt cacert;
 #endif
 const char *alpn_list[3];
@@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     uint16_t options;
 
     if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
         mbedtls_x509_crt_init( &cacert );
         if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
                                    mbedtls_test_cas_pem_len ) != 0)
@@ -88,7 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     }
 #endif
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     if (options & 4) {
         mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
         mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
@@ -129,7 +129,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
         goto exit;
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     if ((options & 1) == 0) {
         if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
             goto exit;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index fb872ef74..7de835674 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -13,7 +13,7 @@
 
 #ifdef MBEDTLS_SSL_CLI_C
 static bool initialized = 0;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 static mbedtls_x509_crt cacert;
 #endif
 
@@ -36,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     fuzzBufferOffset_t biomemfuzz;
 
     if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
         mbedtls_x509_crt_init( &cacert );
         if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
                                    mbedtls_test_cas_pem_len ) != 0)
@@ -63,7 +63,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
                                     MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
         goto exit;
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
 #endif
     mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
@@ -75,7 +75,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
                              mbedtls_timing_get_delay );
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
         goto exit;
 #endif
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index ff9a60b72..ec08f79ca 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -16,7 +16,7 @@
 const char *pers = "fuzz_dtlsserver";
 const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
 static bool initialized = 0;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 static mbedtls_x509_crt srvcert;
 static mbedtls_pk_context pkey;
 #endif
@@ -37,7 +37,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     fuzzBufferOffset_t biomemfuzz;
 
     if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
         mbedtls_x509_crt_init( &srvcert );
         mbedtls_pk_init( &pkey );
         if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
@@ -75,7 +75,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     srand(1);
     mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
     if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
         goto exit;
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index d751a71f8..94c80f6c3 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -13,7 +13,7 @@
 #ifdef MBEDTLS_SSL_SRV_C
 const char *pers = "fuzz_server";
 static bool initialized = 0;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 static mbedtls_x509_crt srvcert;
 static mbedtls_pk_context pkey;
 #endif
@@ -51,7 +51,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     options = Data[Size - 1];
 
     if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
         mbedtls_x509_crt_init( &srvcert );
         mbedtls_pk_init( &pkey );
         if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
@@ -95,7 +95,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     srand(1);
     mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
     if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
         goto exit;