diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 0b1134bfe..46c25aeff 100644
--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef NO_DES
+#if defined(NO_DES) && !defined(NO_MDC2)
 #define NO_MDC2
 #endif
 
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 849633a3e..6b2c290bc 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -260,7 +260,9 @@ typedef struct x509_st
 	unsigned long ex_kusage;
 	unsigned long ex_xkusage;
 	unsigned long ex_nscert;
+#ifndef NO_SHA
 	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
 	X509_CERT_AUX *aux;
 	} X509;
 
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 62d801336..200682fd3 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -136,6 +136,8 @@ unsigned long X509_subject_name_hash(X509 *x)
 	{
 	return(X509_NAME_hash(x->cert_info->subject));
 	}
+
+#ifndef NO_SHA
 /* Compare two certificates: they must be identical for
  * this to work.
  */
@@ -144,8 +146,10 @@ int X509_cmp(X509 *a, X509 *b)
 	/* ensure hash is valid */
 	X509_check_purpose(a, -1, 0);
 	X509_check_purpose(b, -1, 0);
+
 	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
 }
+#endif
 
 int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
 	{
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index c5fca40c4..e03f97652 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -247,6 +247,7 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
 	return xp->trust;
 }
 
+#ifndef NO_SHA
 static void x509v3_cache_extensions(X509 *x)
 {
 	BASIC_CONSTRAINTS *bs;
@@ -321,6 +322,7 @@ static void x509v3_cache_extensions(X509 *x)
 	}
 	x->ex_flags |= EXFLAG_SET;
 }
+#endif
 
 /* CA checks common to all purposes
  * return codes:
diff --git a/ssl/ssl.h b/ssl/ssl.h
index db498041a..11796af10 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -151,7 +151,7 @@ extern "C" {
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
-#if defined(NO_RSA) && !defined(NO_SSL2)
+#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
 #define NO_SSL2
 #endif