diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 21541b8fc4..b882d47a5c 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2083,9 +2083,9 @@ start_processing:
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
         if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
             ret = mbedtls_pk_verify_new(pk_alg, peer_pk,
+                                        peer_pk,
                                         md_alg, hash, hashlen,
                                         p, sig_len);
-            #pragma GCC diagnostic pop
         } else
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
         ret = mbedtls_pk_verify_restartable(peer_pk,
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index cda1f8a426..372bf84608 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -963,12 +963,9 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
 
         MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
 
-        #pragma GCC diagnostic push
-        #pragma GCC diagnostic warning "-Wenum-conversion"
         if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
                                        md_alg, verify_hash, verify_hash_len,
                                        p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
-        #pragma GCC diagnostic pop
             MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
                                       mbedtls_ssl_sig_alg_to_str(*sig_alg)));
             MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);