diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4841ac1c..8602be1e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -593,8 +593,8 @@ jobs:
             cmake: -DCRYPTO_BACKEND=Libgcrypt
           - name: 'mbedTLS'
             install: mbedtls
-            configure: --with-crypto=mbedtls "--with-libmbedcrypto-prefix=$(brew --prefix)" CPPFLAGS=-D_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE
-            cmake: -DCRYPTO_BACKEND=mbedTLS "-DMBEDTLS_INCLUDE_DIR=$(brew --prefix)/opt/mbedtls/include" "-DMBEDCRYPTO_LIBRARY=$(brew --prefix)/opt/mbedtls/lib/libmbedcrypto.a" -DCMAKE_C_FLAGS=-D_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE
+            configure: --with-crypto=mbedtls "--with-libmbedcrypto-prefix=$(brew --prefix)"
+            cmake: -DCRYPTO_BACKEND=mbedTLS "-DMBEDTLS_INCLUDE_DIR=$(brew --prefix)/opt/mbedtls/include" "-DMBEDCRYPTO_LIBRARY=$(brew --prefix)/opt/mbedtls/lib/libmbedcrypto.a"
     steps:
       - name: 'install packages'
         run: brew install automake libtool ${{ matrix.crypto.install }}
diff --git a/src/mbedtls.c b/src/mbedtls.c
index 8c29c2a3..cfd0dc77 100644
--- a/src/mbedtls.c
+++ b/src/mbedtls.c
@@ -1276,6 +1276,11 @@ cleanup:
     return *ctx ? 0 : -1;
 }
 
+/* Force-expose internal mbedTLS function */
+#if MBEDTLS_VERSION_NUMBER >= 0x03060000
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
+#endif
+
 /* _libssh2_ecdsa_new_private
  *
  * Creates a new private key given a file path and password
@@ -1292,16 +1297,7 @@ _libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
     unsigned char *data;
     size_t data_len;
 
-#if MBEDTLS_VERSION_NUMBER >= 0x03060000 && \
-    defined(_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE)
-
-    /* FIXME: implement this functionality via a public API */
-    (void)session;
-    (void)filename;
-    (void)pwd;
-    data = NULL;
-    data_len = 0;
-#else
+    /* FIXME: Reimplement this functionality via a public API. */
     if(mbedtls_pk_load_file(filename, &data, &data_len))
         goto cleanup;
 
@@ -1314,7 +1310,6 @@ _libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
     _libssh2_mbedtls_parse_openssh_key(ctx, session, data, data_len, pwd);
 
 cleanup:
-#endif
 
     mbedtls_pk_free(&pkey);