diff --git a/ssl.c b/ssl.c
index 6db23c7..d1ef5c8 100644
--- a/ssl.c
+++ b/ssl.c
@@ -139,7 +139,7 @@ int ssl_negotiate(H3270 *hSession)
 		peer = SSL_get_peer_certificate(hSession->ssl_con);
 		trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef ENABLE_SELF_SIGNED_CERT
+#ifdef SSL_ALLOW_SELF_SIGNED_CERT
 		break;
 #else
 		lib3270_disconnect(hSession);
@@ -151,7 +151,7 @@ int ssl_negotiate(H3270 *hSession)
 							);
 
 		return -1;
-#endif // ENABLE_SELF_SIGNED_CERT
+#endif // SSL_ALLOW_SELF_SIGNED_CERT
 
 	default:
 		trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
@@ -255,7 +255,7 @@ int ssl_init(H3270 *hSession)
 		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 		SSL_CTX_set_default_verify_paths(ssl_ctx);
 
-		/*
+#if defined(SSL_ENABLE_CRL_CHECK)
 		// Set up CRL validation
 		// https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
 		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
@@ -265,9 +265,9 @@ int ssl_init(H3270 *hSession)
 		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 		X509_STORE_set1_param(store, param);
 		X509_VERIFY_PARAM_free(param);
-		*/
 
 		// X509_STORE_free(store);
+#endif // SSL_ENABLE_CRL_CHECK
 
 #if defined(_WIN32)
 		{
--
libgit2 0.21.2