diff --git a/apps/s_client.c b/apps/s_client.c
index f68553234dc0ee8bd2e8b308d36fa9a9d789aa11..776196ef0871c5de849b6f29ff59a22ebf86ef43 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -205,7 +205,9 @@ static int c_showcerts=0;
 
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
+#ifndef OPENSSL_NO_TLSEXT
 static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static int c_ign_eof=0;
@@ -1653,6 +1655,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	(void)BIO_flush(bio);
 	}
 
+#ifndef OPENSSL_NO_TLSEXT
+
 static int ocsp_resp_cb(SSL *s, void *arg)
 	{
 	const unsigned char *p;
@@ -1678,3 +1682,5 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 	OCSP_RESPONSE_free(rsp);
 	return 1;
 	}
+
+#endif
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index f90e107c9f5a4afca9b2786a2426f7b60a293aa4..cc6c527f19fdcc9507e06682fc0d9dc2cfaffd7e 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -276,7 +276,7 @@ static int ssl23_client_hello(SSL *s)
 		{
 		version = SSL2_VERSION;
 		}
-
+#ifndef OPENSSL_NO_TLSEXT
 	if (version != SSL2_VERSION)
 		{
 		/* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -291,6 +291,7 @@ static int ssl23_client_hello(SSL *s)
 			ssl2_compat = 0;
 #endif
 		}
+#endif
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)