diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4a7c72b94..fabd3849e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4049,7 +4049,6 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) { word32 idx = 0; int length; - byte unusedBits; WOLFSSL_ENTER("DecodeKeyUsage"); if (input[idx++] != ASN_BIT_STRING) { @@ -4062,8 +4061,8 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } - unusedBits = input[idx++]; - length--; + /* pass the unusedBits value */ + idx++; length--; cert->extKeyUsage = (word16)(input[idx]); if (length == 2) @@ -6034,7 +6033,8 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) nb_val = 0; /* parse value, and set corresponding Policy OID value */ - while ((token = strsep(&str, ".")) != NULL) + token = strtok(str, "."); + while (token != NULL) { val = (word32)atoi(token); @@ -6082,6 +6082,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) out[idx++] = oid[i--]; } + token = strtok (NULL, "."); nb_val++; } @@ -7244,7 +7245,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_FreeRsaKey(rsakey); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); rsakey = NULL; - +#ifdef HAVE_ECC /* Check to load ecc public key */ eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); if (eckey == NULL) { @@ -7268,6 +7269,10 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_ecc_free(eckey); return PUBLIC_KEY_E; } +#else + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return PUBLIC_KEY_E; +#endif /* HAVE_ECC */ } XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -7276,9 +7281,10 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_FreeRsaKey(rsakey); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); +#ifdef HAVE_ECC wc_ecc_free(eckey); XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); - +#endif return ret; } 
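Review bot: In DecodeKeyUsage the unused-bits octet is now skipped with `idx++; length--;` and `input[idx]` is read immediately afterwards, with no check on the visible lines that the BIT STRING still holds a content byte. If `length` was 1 (only the unused-bits octet), that read falls past the encoded value, and `sz` is not consulted anywhere in the hunk. A guard before the skip, such as `if (length < 2) return ASN_PARSE_E;`, would reject that encoding, which is consistent with RFC 5280 requiring at least one key-usage bit to be set. Whether the length parsing above the hunk already bounds `length` against `sz` is not visible here and should be confirmed; the function starts and ends outside the hunk.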
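Review bot: Replacing `strsep` with `strtok` in EncodePolicyOID (and in wc_SetKeyUsage further down) makes both parsers depend on strtok's hidden static state, so concurrent callers building certificates on different threads can disturb each other's tokenizing. `strtok` also skips empty fields silently, so an input such as `1..2` no longer yields the empty token that `strsep` would have handed to `atoi`. Where the platform provides it, a reentrant call such as `token = strtok_r(str, ".", &save);` keeps the portability gain without shared state. Separately, `val = (word32)atoi(token);` turns a non-numeric arc into 0 without any error; `strtol` with an end-pointer check would allow malformed policy OIDs to be rejected.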
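Review bot: The common cleanup at the end of wc_SetSubjectKeyId still calls `wc_FreeRsaKey(rsakey)` unconditionally, although the fallback path in the earlier hunk has already freed that key and set `rsakey = NULL`; likewise `wc_ecc_free(eckey)` appears to run on the RSA path, where the ECC key is never allocated. Whether both free routines tolerate NULL, and whether `eckey` is initialised to NULL, is not visible here and should be confirmed. Guarding each pair, for example `if (rsakey != NULL) { wc_FreeRsaKey(rsakey); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); }`, removes that dependency. The function starts outside the hunk.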
@@ -7379,7 +7385,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value) XSTRNCPY(str, value, XSTRLEN(value)); /* parse value, and set corresponding Key Usage value */ - while ((token = strsep(&str, ",")) != NULL) + token = strtok(str, ","); + while (token != NULL) { len = (word32)XSTRLEN(token); @@ -7404,6 +7411,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value) cert->keyUsage |= KEYUSE_DECIPHER_ONLY; else return KEYUSAGE_E; + + token = strtok(NULL, ","); } XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4aebb8167..3245c6428 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -269,18 +269,6 @@ int wolfcrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !NO_BIG_INT */ - if ( (ret = rsa_test()) != 0) - return err_sys("RSA EXT test failed!\n", ret); - else - printf( "RSA EXT test passed!\n"); - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) - if ( (ret = certext_test()) != 0) - return err_sys("CERT EXT test failed!\n", ret); - else - printf( "CERT EXT test passed!\n"); -#endif - #ifndef NO_MD5 if ( (ret = md5_test()) != 0) return err_sys("MD5 test failed!\n", ret); @@ -499,6 +487,13 @@ int wolfcrypt_test(void* args) printf( "RSA test passed!\n"); #endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) + if ( (ret = certext_test()) != 0) + return err_sys("CERT EXT test failed!\n", ret); + else + printf( "CERT EXT test passed!\n"); +#endif + #ifndef NO_DH if ( (ret = dh_test()) != 0) return err_sys("DH test failed!\n", ret); @@ -3404,9 +3399,11 @@ int certext_test(void) byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; +#ifdef HAVE_ECC /* created from rsa_test : certecc.der */ byte akid_ecc[] = "\x5D\x5D\x26\xEF\xAC\x7E\x36\xF9\x9B\x76" "\x15\x2B\x4A\x25\x02\x23\xEF\xB2\x89\x30"; +#endif /* created from rsa_test : cert.der */ byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" 
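Review bot: The `return KEYUSAGE_E;` inside the token loop of wc_SetKeyUsage exits before the `XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);` that follows the loop, so every unrecognised usage name leaks the temporary copy. Since `strtok` leaves `str` pointing at the start of the buffer, that path can free it as well: `else { XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); return KEYUSAGE_E; }`. Also worth confirming above the hunk: `XSTRNCPY(str, value, XSTRLEN(value))` copies no terminator, so `strtok` relies on the buffer having been zero-filled beforehand. The function starts outside the hunk.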
@@ -3433,7 +3430,6 @@ int certext_test(void) InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - printf("ret = %d\n", ret); if (ret != 0) return -201; @@ -3465,7 +3461,7 @@ int certext_test(void) FreeDecodedCert(&cert); - +#ifdef HAVE_ECC /* load certecc.pem (Cert signed by an authority) */ #ifdef FREESCALE_MQX file = fopen("a:\\certs\\certecc.der", "rb"); @@ -3516,6 +3512,7 @@ int certext_test(void) return -219; FreeDecodedCert(&cert); +#endif /* HAVE_ECC */ /* load cert.pem (self signed certificate) */ #ifdef FREESCALE_MQX diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a7bea9e76..d80c728e0 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1074,11 +1074,15 @@ WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, unsigned char*, int, int); #ifdef WOLFSSL_CERT_EXT -WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); -WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); + #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED + WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + #define WOLFSSL_PEMPUBKEY_TODER_DEFINED + #endif #endif /* WOLFSSL_CERT_EXT */ + typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); typedef int (*CbOCSPIO)(void*, const char*, int, diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 2658a6518..6a1ab73bd 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
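Review bot: The two guarded declaration blocks are not equivalent: in ssl.h `wolfSSL_PemPubKeyToDer` is declared whenever WOLFSSL_CERT_EXT is set, while the asn_public.h block wraps the same prototype in `#ifndef NO_FILESYSTEM`. Because whichever header is included first defines WOLFSSL_PEMPUBKEY_TODER_DEFINED and suppresses the other copy, a NO_FILESYSTEM build exposes or hides the file-based prototype depending on include order. Wrapping the ssl.h prototype in the same `#ifndef NO_FILESYSTEM` / `#endif` pair keeps both copies identical. A short comment beside the `#define`, such as `/* same prototypes are repeated in asn_public.h; keep in sync */`, would explain why the guard exists.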
@@ -217,12 +217,18 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); * RFC5280 : non-critical */ WOLFSSL_API int wc_SetCertificatePolicies(Cert *cert, const char **input); -/* forward from wolfssl */ -WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); -/* forward from wolfssl */ -WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); +#ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED + #ifndef NO_FILESYSTEM + /* forward from wolfssl */ + WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif + + /* forward from wolfssl */ + WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + #define WOLFSSL_PEMPUBKEY_TODER_DEFINED +#endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ #endif /* WOLFSSL_CERT_EXT */ #ifdef HAVE_NTRU