diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 18df19ce6c..9d988a1a97 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -167,26 +167,23 @@
  *
  * Comments refer to the status for using certificates. Status can be
  * different for writing certificates or reading CRLs or CSRs.
- *
- * Those are defined in oid.h as oid.c needs them in a data structure. Since
- * these were previously defined here, let's have aliases for compatibility.
  */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
 /*
  * Storage format identifiers
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5528763ff8..0b0e8d1e91 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1015,7 +1015,7 @@ static int x509_get_crt_ext(unsigned char **p,
  }
  break;
- case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
+ case MBEDTLS_X509_EXT_CERTIFICATE_POLICIES:
  /* Parse certificate policies type */
  if ((ret = x509_get_certificate_policies(p, end_ext_octet, &crt->certificate_policies)) != 0) {
@@ -1866,7 +1866,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
  }
  }
- if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
+ if (crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES) {
  ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
  MBEDTLS_X509_SAFE_SNPRINTF;
diff --git a/library/x509_oid.c b/library/x509_oid.c
index f5eb8fe0de..0a5da54cf5 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
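Review bot: The public `MBEDTLS_X509_EXT_*` macros in include/mbedtls/x509.h now carry the real values, but nothing in their comment says they are single-bit flags; that statement ("internal, arbitrary values for bitsets") existed only in the block this commit deletes from library/x509_oid.h. x509_crt.c in this same diff tests them with `crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES`, so two extensions sharing a bit would be indistinguishable to that check. I would add `* Each value is a distinct single bit so that values can be OR-ed into a mask.` to the comment above the list, and `/* bit 15 is not assigned */` next to `MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)`, whose value is carried over as is. The comment block starts above the hunk, so its opening lines are not visible here.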
@@ -273,47 +273,47 @@ static const oid_x509_ext_t oid_x509_ext[] =
  OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints"),
- MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
+ MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"),
- MBEDTLS_OID_X509_EXT_KEY_USAGE,
+ MBEDTLS_X509_EXT_KEY_USAGE,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage"),
- MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
+ MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name"),
- MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
+ MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type"),
- MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
+ MBEDTLS_X509_EXT_NS_CERT_TYPE,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies"),
- MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
+ MBEDTLS_X509_EXT_CERTIFICATE_POLICIES,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, "id-ce-subjectKeyIdentifier", "Subject Key Identifier"),
- MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
+ MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER,
  },
  {
  OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, "id-ce-authorityKeyIdentifier", "Authority Key Identifier"),
- MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
+ MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
  },
  {
  NULL_OID_DESCRIPTOR,
diff --git a/library/x509_oid.h b/library/x509_oid.h
index 2416d0b101..5b12677a61 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -13,6 +13,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/pk.h"
+#include "mbedtls/x509.h"
 #include
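Review bot: The added `#include "mbedtls/x509.h"` in library/x509_oid.h is the very include that the comment deleted in the next hunk said was being avoided ("a "backwards" include of x.509.h"), and nothing on the new side records why it is acceptable now. Judging only from the visible hunks, the macros are used in x509_oid.c, x509_crt.c and the test data; if no declaration in x509_oid.h itself needs a name from x509.h, placing the include in x509_oid.c would keep this header's dependencies narrower. If the include stays here, a short comment such as `/* for the MBEDTLS_X509_EXT_xxx extension-type bits */` would document the reason. It is also worth confirming that x509.h does not pull this header back in, which cannot be seen from the diff.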
@@ -23,28 +24,6 @@
 /** output buffer is too small */
 #define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
-
 /*
  * Maximum number of OID components allowed
  */
diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data
index 3f58b18435..09bd6523a0 100644
--- a/tests/suites/test_suite_x509_oid.data
+++ b/tests/suites/test_suite_x509_oid.data
@@ -35,22 +35,22 @@ OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
 oid_get_extended_key_usage:"551D23":""
 OID get x509 extension - id-ce-basicConstraints
-oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+oid_get_x509_extension:"551D13":MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
 OID get x509 extension - id-ce-keyUsage
-oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+oid_get_x509_extension:"551D0F":MBEDTLS_X509_EXT_KEY_USAGE
 OID get x509 extension - id-ce-extKeyUsage
-oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+oid_get_x509_extension:"551D25":MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
 OID get x509 extension - id-ce-subjectAltName
-oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+oid_get_x509_extension:"551D11":MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
 OID get x509 extension - id-netscape-certtype
-oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_X509_EXT_NS_CERT_TYPE
 OID get x509 extension - id-ce-certificatePolicies
-oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+oid_get_x509_extension:"551D20":MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
 OID get x509 extension - invalid oid
 oid_get_x509_extension:"5533445566":0
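Review bot: Two of the eight `oid_x509_ext[]` entries renamed in library/x509_oid.c, `MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER` and `MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER`, have no `oid_get_x509_extension` case in this hunk. Because the old `MBEDTLS_OID_X509_EXT_*` names are deleted, any existing case elsewhere in the file would have needed the same rename, so these two mappings are probably not exercised at all. Assuming both entries are compiled in the test configuration, adding `oid_get_x509_extension:"551D0E":MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER` and `oid_get_x509_extension:"551D23":MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER` would pin them. The second OID is the one already used as the wrong-OID input in the extended-key-usage case above.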