diff --git a/CHANGES b/CHANGES index 70dd5101b1a2de6545ec44903bd39a080b9666e7..22ad45b5ff76e7945d13f5d5f9ff0be378714581 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Add missing #ifndefs that caused missing symbols when building libssl + as a shared library without RSA. Use #ifndef NO_SSL2 instead of + NO_RSA in ssl/s2*.c. + [Kris Kennaway , modified by Ulf Möller] + *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data (1 = ok, 0 = not seeded). Also an error is recorded on the thread's diff --git a/Configure b/Configure index e4faad741e11cc16d9f8c611e5d0171472a160cd..6d9c223d50cbf411bada388c99173f8c187cfabe 100755 --- a/Configure +++ b/Configure @@ -102,7 +102,7 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", "debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -pedantic -Wall -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any box diff --git a/apps/ciphers.c b/apps/ciphers.c index 08e47be4f787563beaa947d9e922e968d7434f04..3c76782b7e3ad773084309f3c6c3013e36b96be1 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c 
@@ -66,10 +66,6 @@ #include #include -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG ciphers_main diff --git a/apps/s_client.c b/apps/s_client.c index f09fae5f678ff6e4f3c3c89c8d2d923f401f11af..84a475d7b8e4a0eaa8c8ec5cc72dc25c54e22067 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -91,10 +91,6 @@ typedef unsigned int u_int; #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG s_client_main diff --git a/apps/s_server.c b/apps/s_server.c index a33e0ff1477046506bca972a357bd2d948c5e469..ff0354acc8a5bee10bb3b2effc2a109dd9d500c6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -94,10 +94,6 @@ typedef unsigned int u_int; #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifndef NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif diff --git a/apps/s_time.c b/apps/s_time.c index a43df6bb92ac66b36c423d1be8345ef19ac33810..1653195b3f30af2fbaf6424f4b1e846a80d30195 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -67,10 +67,6 @@ #include #include -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifdef NO_STDIO #define APPS_WIN16 #endif diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6db98e92f51c857964292922812f98f64c74240c..067216b1a229cdc6b1527f91d136510da6e357cc 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -68,8 +68,10 @@ static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); static SSL_METHOD *ssl23_get_client_method(int ver) { +#ifndef NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); +#endif if (ver == SSL3_VERSION) return(SSLv3_client_method()); else if (ver == TLS1_VERSION) @@ -307,7 +309,7 @@ static int ssl23_get_server_hello(SSL *s) { char buf[8]; unsigned char *p; - int i,ch_len; + int i; int n; n=ssl23_read_bytes(s,7); 
@@ -320,9 +322,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && (p[5] == 0x00) && (p[6] == 0x02)) { +#ifdef NO_SSL2 + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3 setup and put in the * sslv2 stuff. */ + int ch_len; if (s->options & SSL_OP_NO_SSLv2) { @@ -375,6 +382,7 @@ static int ssl23_get_server_hello(SSL *s) s->method=SSLv2_client_method(); s->handshake_func=s->method->ssl_connect; +#endif } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 822a3958372d0335ef4eef33625056b95e63c54e..e2c3bb47daf0fc5217f61d8b289ecc4348b08f8a 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -106,7 +106,11 @@ SSL_METHOD *sslv23_base_method(void) static int ssl23_num_ciphers(void) { - return(ssl3_num_ciphers()+ssl2_num_ciphers()); + return(ssl3_num_ciphers() +#ifndef NO_SSL2 + + ssl2_num_ciphers() +#endif + ); } static SSL_CIPHER *ssl23_get_cipher(unsigned int u) @@ -116,7 +120,11 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) if (u < uu) return(ssl3_get_cipher(u)); else +#ifndef NO_SSL2 return(ssl2_get_cipher(u-uu)); +#else + return(NULL); +#endif } /* This function needs to check if the ciphers required are actually @@ -132,8 +140,10 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; cp=ssl3_get_cipher_by_char(p); +#ifndef NO_SSL2 if (cp == NULL) cp=ssl2_get_cipher_by_char(p); +#endif return(cp); } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 371789715d4ac369ebd3a4f63bb3f297ff9d8740..968bf7c1f67430a9cbd47a77a726499dbc994318 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c 
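Review bot: The two new NO_SSL2 branches report different reason codes for the same condition. In ssl/s23_clnt.c (hunk @@ -320,9 +322,14, ssl23_get_server_hello) an SSLv2 server hello is refused with `SSL_R_UNSUPPORTED_PROTOCOL`, while the matching branch in ssl/s23_srvr.c (hunk @@ -450,6 +452,10, under `if (type == 1)`) records `SSL_R_UNKNOWN_PROTOCOL`. Anyone reading the error queue to spot peers that still attempt SSLv2 then has to match two codes, so I would use `SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);` on the server side as well. A short comment above each branch, for example `/* SSLv2 is compiled out: refuse the v2 hello */`, would make the intent explicit. Both function bodies continue outside their hunks.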
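Review bot: In ssl/s23_lib.c (hunk @@ -106,7 +106,11, ssl23_num_ciphers) the preprocessor conditional is spliced into the middle of the `return(...)` expression, which is easy to misread and easy to break when another protocol is added. Accumulating the count in a local keeps each conditional a whole statement. The behaviour is the same in both build configurations.

```c
static int ssl23_num_ciphers(void)
	{
	int n=ssl3_num_ciphers();

#ifndef NO_SSL2
	n+=ssl2_num_ciphers();
#endif
	return(n);
	}
```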
@@ -67,8 +67,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { +#ifndef NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); +#endif if (ver == SSL3_VERSION) return(SSLv3_server_method()); else if (ver == TLS1_VERSION) @@ -450,6 +452,10 @@ next_bit: if (type == 1) { +#ifdef NO_SSL2 + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ @@ -488,6 +494,7 @@ next_bit: s->method=SSLv2_server_method(); s->handshake_func=s->method->ssl_accept; +#endif } if ((type == 2) || (type == 3)) diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 01ef9a7f76c8f8ed5ed32855fee0ec11ae138960..f05b76a66af85c0297485eea7e1f9e545570538c 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include #include #include #include -#include "ssl_locl.h" #include static SSL_METHOD *ssl2_get_client_method(int ver); @@ -974,7 +974,7 @@ end: EVP_PKEY_free(pkey); return(i); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 09835008a99d9fd7fbc53964bc4912d212f1e21e..a9458e7fa7208f59bff980971a46c3fd4846457e 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -56,8 +56,9 @@ * [including the GNU Public Licence.] */ -#include #include "ssl_locl.h" +#ifndef NO_SSL2 +#include int ssl2_enc_init(SSL *s, int client) { @@ -177,4 +178,10 @@ void ssl2_mac(SSL *s, unsigned char *md, int send) EVP_DigestFinal(&c,md,NULL); /* some would say I should zero the md context */ } +#else /* !NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif +#endif diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index f473b459f2124414ae6e6195102dec94a06b136a..e727b1440677cfb540c6f3d17dc55b8d5c65ed09 100644 
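Review bot: The `#ifndef NO_SSL2` guard in ssl/s2_clnt.c (hunk @@ -56,12 +56,12) only works because `#include "ssl_locl.h"` was moved above it, and nothing in the file records that dependency. Presumably that header pulls in ssl.h, where this commit adds the NO_RSA to NO_SSL2 mapping, although the include chain is not visible in the diff. If a later cleanup moves the include back inside the guard, a build without RSA would compile the SSLv2 code again. I would add `/* must precede the guard: ssl.h turns NO_RSA into NO_SSL2 */` next to the include. The same applies to the first hunks of ssl/s2_enc.c, ssl/s2_lib.c, ssl/s2_meth.c, ssl/s2_pkt.c and ssl/s2_srvr.c.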
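Review bot: The `# if PEDANTIC` dummy added at the end of ssl/s2_enc.c (hunk @@ -177,4 +178,10) and ssl/s2_pkt.c (hunk @@ -638,3 +639,10) tests the value of a macro that is normally undefined, and this same commit removes `-DPEDANTIC` from the debug-ulf configuration. `#ifdef PEDANTIC` would state the intent without relying on an undefined macro evaluating to 0. Since `#include "ssl_locl.h"` now sits outside the NO_SSL2 guard, the translation unit is presumably no longer empty when SSLv2 is compiled out, so the dummy may not be needed in these two new `#else` branches at all.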
--- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include #include #include #include -#include "ssl_locl.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -421,7 +421,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 54ff252d9ad372ef8a7dbb302769daecfd9c7ab0..deb9e1d6f36c316fdd1b005916c74540a05130e4 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include #include -#include "ssl_locl.h" static SSL_METHOD *ssl2_get_method(int ver); static SSL_METHOD *ssl2_get_method(int ver) @@ -86,7 +86,7 @@ SSL_METHOD *SSLv2_method(void) } return(&SSLv2_data); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index a1bb5bca4b8030259317961258338b74c632738f..56662f29facb508a10b908c2ffb87808fcd0485a 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ +#include "ssl_locl.h" +#ifndef NO_SSL2 #include #include #define USE_SOCKETS -#include "ssl_locl.h" static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); @@ -638,3 +639,10 @@ static int ssl_mt_error(int n) } return(ret); } +#else /* !NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + +#endif diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index cfc0ba0343c8b2446989a76ad7f2894aa68b82e5..811daa2e2cb8bc342ffd9bd135d22c655ffc39b1 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c 
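Review bot: In ssl/s2_pkt.c (hunk @@ -56,10 +56,11) `#define USE_SOCKETS` used to come before `#include "ssl_locl.h"` and now comes after it, so the macro can no longer influence what that header or anything it includes declares. Whether those headers test USE_SOCKETS is not visible here, but the old ordering suggests it was deliberate. Moving the define up keeps the previous behaviour while still letting the guard see the NO_SSL2 mapping: `#define USE_SOCKETS` then `#include "ssl_locl.h"` then `#ifndef NO_SSL2`. A define outside the guard is harmless when SSLv2 is compiled out.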
@@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include #include #include #include -#include "ssl_locl.h" #include static SSL_METHOD *ssl2_get_server_method(int ver); @@ -966,7 +966,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); return(i); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/ssl.h b/ssl/ssl.h index 575c64d1d95cdb931eea8857cf1c108cd10a9f63..db498041a3264a9c3e363af683058700a2ec64f0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -151,6 +151,10 @@ extern "C" { #include #include +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 28140b3fdff2bfbccc4405289894d77367fa2743..292c758507fd2218d0dc62d753cc72da1f628e18 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -75,10 +75,6 @@ #include "../crypto/bio/bss_file.c" #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifdef VMS # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
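Review bot: In ssl/ssl.h (hunk @@ -151,6 +151,10) the NO_RSA to NO_SSL2 mapping is added after the header's own `#include` lines and carries no comment. Any header included above it, and any source file that tests NO_SSL2 before including ssl.h, still sees the macro undefined. The apps/*.c and ssl/ssltest.c hunks drop their local copies of this block, and whether their NO_SSL2 tests all come after the ssl.h include is not visible in the diff. I would place the block ahead of the includes and document it, for example `/* SSLv2 depends on RSA: a build without RSA is also a build without SSLv2 */`. This mapping is now the single switch that decides whether SSLv2 code is compiled, so a test build with only NO_SSL2 defined (RSA present) is worth adding to confirm both the client and server paths refuse a v2 hello.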