diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 3529e66ed1..f9bf800857 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -29,6 +29,7 @@
 #if defined(POLARSSL_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
+#include <stdio.h>
 #define polarssl_printf     printf
 #define polarssl_fprintf    fprintf
 #endif
@@ -39,7 +40,6 @@
     !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_RSA_C) ||      \
     !defined(POLARSSL_CERTS_C)
 
-#include <stdio.h>
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -49,13 +49,12 @@ int main( int argc, char *argv[] )
             "POLARSSL_NET_C and/or "
             "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
             "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_RSA_C and/or "
-            "POLARSSL_CERTS_C not defined.\n" );
+            "POLARSSL_CERTS_C and/or POLARSSL_PEM_PARSE_C not defined.\n" );
     return( 0 );
 }
 #else
 
 #include <string.h>
-#include <stdio.h>
 
 #include "mbedtls/net.h"
 #include "mbedtls/debug.h"
@@ -128,14 +127,8 @@ int main( int argc, char *argv[] )
     polarssl_printf( "  . Loading the CA root certificate ..." );
     fflush( stdout );
 
-#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_PEM_PARSE_C)
     ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
                           test_cas_pem_len );
-#else
-    ret = 1;
-    polarssl_printf("POLARSSL_CERTS_C or POLARSSL_PEM_PARSE_C not defined.");
-#endif
-
     if( ret < 0 )
     {
         polarssl_printf( " failed\n  !  x509_crt_parse returned -0x%x\n\n", -ret );
@@ -344,4 +337,5 @@ exit:
 }
 #endif /* POLARSSL_SSL_CLI_C && POLARSSL_SSL_PROTO_DTLS && POLARSSL_NET_C &&
           POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
-          POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C && POLARSSL_CERTS_C */
+          POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C && POLARSSL_CERTS_C &&
+          POLARSSL_PEM_PARSE_C */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 3bd14c910c..97d8e28345 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -411,4 +411,4 @@ exit:
 #endif /* POLARSSL_SSL_SRV_C && POLARSSL_SSL_PROTO_DTLS &&
           POLARSSL_SSL_COOKIE_C && POLARSSL_NET_C && POLARSSL_ENTROPY_C &&
           POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C
-          && POLARSSL_CERTS_C */
+          && POLARSSL_CERTS_C && POLARSSL_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index f5d732eb0f..b9735b4744 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -34,31 +34,10 @@
 #define polarssl_printf     printf
 #endif
 
-#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
-    defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
-    defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
-    defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C)
-#include "mbedtls/net.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-#include "mbedtls/certs.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_PORT 4433
-#define SERVER_NAME "localhost"
-#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
-
-#define DEBUG_LEVEL 1
-
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
     !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
     !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) ||         \
+    !defined(POLARSSL_CERTS_C) || !defined(POLARSSL_PEM_PARSE_C) || \
     !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
 int main( void )
 {
@@ -70,6 +49,23 @@ int main( void )
     return( 0 );
 }
 #else
+
+#include "mbedtls/net.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+
+#include <string.h>
+
+#define SERVER_PORT 4433
+#define SERVER_NAME "localhost"
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+#define DEBUG_LEVEL 1
+
 static void my_debug( void *ctx, int level, const char *str )
 {
     ((void) level);
@@ -119,14 +115,8 @@ int main( void )
     polarssl_printf( "  . Loading the CA root certificate ..." );
     fflush( stdout );
 
-#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_PEM_PARSE_C)
     ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
                           test_cas_pem_len );
-#else
-    ret = 1;
-    polarssl_printf("POLARSSL_CERTS_C or POLARSSL_PEM_PARSE_C not defined.");
-#endif
-
     if( ret < 0 )
     {
         polarssl_printf( " failed\n  !  x509_crt_parse returned -0x%x\n\n", -ret );
@@ -309,4 +299,5 @@ exit:
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
           POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
-          POLARSSL_CTR_DRBG_C */
+          POLARSSL_CERTS_C && POLARSSL_PEM_PARSE_C && POLARSSL_CTR_DRBG_C &&
+          POLARSSL_X509_CRT_PARSE_C */
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index f4a0c7ec09..451b1a8741 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -34,44 +34,12 @@
 #define polarssl_printf     printf
 #endif
 
-#if defined(_WIN32)
-#include <windows.h>
-#endif
-
-#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
-    defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
-    defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
-    defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
-    defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_TIMING_C) && \
-    defined(POLARSSL_FS_IO) && defined(POLARSSL_PEM_PARSE_C)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/net.h"
-#include "mbedtls/timing.h"
-
-#include <string.h>
-#include <stdio.h>
-#include <signal.h>
-#endif
-
-#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
-#include <unistd.h>
-#endif
-
-#define HTTP_RESPONSE \
-    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
-    "<p>Successful connection using: %s</p>\r\n"
-
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) ||    \
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
     !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) ||     \
     !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) ||    \
     !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C) || \
-    !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_PEM_PARSE_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
@@ -93,6 +61,26 @@ int main( void )
 }
 #else
 
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net.h"
+#include "mbedtls/timing.h"
+
+#include <string.h>
+#include <signal.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
+#define HTTP_RESPONSE \
+    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<p>Successful connection using: %s</p>\r\n"
+
 #define DEBUG_LEVEL 0
 
 static void my_debug( void *ctx, int level, const char *str )
@@ -400,4 +388,5 @@ exit:
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
           POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
-          POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */
+          POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_PEM_PARSE_C &&
+          ! _WIN32 */
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index cde0640429..2a20fbdc7a 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -34,11 +34,22 @@
 #define polarssl_printf     printf
 #endif
 
-#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
-    defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
-    defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
-    defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C) && \
-    defined(POLARSSL_FS_IO)
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
+    !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+    !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) ||         \
+    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
+    !defined(POLARSSL_FS_IO)
+int main( void )
+{
+    polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+           "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+           "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+           "not defined.\n");
+    return( 0 );
+}
+#else
+
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
 #include "mbedtls/net.h"
@@ -48,10 +59,8 @@
 #include "mbedtls/certs.h"
 #include "mbedtls/x509.h"
 
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#endif
 
 #if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
 #include <unistd.h>
@@ -125,21 +134,6 @@
     "    force_ciphersuite=<name>    default: all enabled\n"\
     " acceptable ciphersuite names:\n"
 
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||  \
-    !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
-    !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) ||         \
-    !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
-    !defined(POLARSSL_FS_IO)
-int main( void )
-{
-    polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
-           "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
-           "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
-           "not defined.\n");
-    return( 0 );
-}
-#else
 /*
  * global options
  */
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9b35ff4524..ece8ad20e3 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -36,47 +36,6 @@
 #define polarssl_snprintf   snprintf
 #endif
 
-#if defined(_WIN32)
-#include <windows.h>
-#endif
-
-#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
-    defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
-    defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
-    defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
-    defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \
-    defined(POLARSSL_THREADING_C) && defined(POLARSSL_THREADING_PTHREAD) && \
-    defined(POLARSSL_PEM_PARSE_C)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/net.h"
-#include "mbedtls/error.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#endif
-
-#if defined(POLARSSL_SSL_CACHE_C)
-#include "mbedtls/ssl_cache.h"
-#endif
-
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-#define HTTP_RESPONSE \
-    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
-    "<p>Successful connection using: %s</p>\r\n"
-
-#define DEBUG_LEVEL 0
-
-#define MAX_NUM_THREADS 5
-
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) ||            \
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) ||         \
     !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) ||             \
@@ -95,6 +54,39 @@ int main( void )
     return( 0 );
 }
 #else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net.h"
+#include "mbedtls/error.h"
+
+#if defined(POLARSSL_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#define HTTP_RESPONSE \
+    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+#define MAX_NUM_THREADS 5
+
 threading_mutex_t debug_mutex;
 
 static void my_mutexed_debug( void *ctx, int level, const char *str )
@@ -524,4 +516,4 @@ exit:
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
           POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
           POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_THREADING_C &&
-          POLARSSL_THREADING_PTHREAD */
+          POLARSSL_THREADING_PTHREAD && POLARSSL_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7960ecf3c4..34cfa8c9a8 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -34,41 +34,6 @@
 #define polarssl_printf     printf
 #endif
 
-#if defined(_WIN32)
-#include <windows.h>
-#endif
-
-#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
-    defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
-    defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
-    defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
-    defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \
-    defined(POLARSSL_PEM_PARSE_C)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/net.h"
-#include "mbedtls/error.h"
-#include "mbedtls/debug.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#endif
-
-#if defined(POLARSSL_SSL_CACHE_C)
-#include "mbedtls/ssl_cache.h"
-#endif
-
-#define HTTP_RESPONSE \
-    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
-    "<p>Successful connection using: %s</p>\r\n"
-
-#define DEBUG_LEVEL 0
-
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) ||    \
     !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
     !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) ||     \
@@ -85,6 +50,34 @@ int main( void )
     return( 0 );
 }
 #else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+
+#if defined(POLARSSL_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#define HTTP_RESPONSE \
+    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
 static void my_debug( void *ctx, int level, const char *str )
 {
     ((void) level);
@@ -393,4 +386,5 @@ exit:
 }
 #endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
           POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
-          POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */
+          POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C
+          && POLARSSL_FS_IO && POLARSSL_PEM_PARSE_C */