diff --git a/CMakeLists.txt b/CMakeLists.txt
index 175c60c55767555af88d77a25fa49be83f8eec28..6e0fbb7bd2d4f92b1ea92a6ff5810c4501b6ce2f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -804,8 +804,8 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR (CMAKE_C_COMPILER_ID
     if (LWS_HAVE_VISIBILITY)
                 set(VISIBILITY_FLAG -fvisibility=hidden)
     endif()
-    if (UNIX OR LWS_WITH_ESP8266)
-               set(CMAKE_C_FLAGS "-Wall -Werror ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" )
+    if ((UNIX OR LWS_WITH_ESP8266) AND NOT LWS_WITH_ESP32)
+	    set(CMAKE_C_FLAGS "-Wall -Werror ${VISIBILITY_FLAG} -Wundef ${CMAKE_C_FLAGS}" )
     else()
                set(CMAKE_C_FLAGS "-Wall ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" )
     endif()
diff --git a/lib/context.c b/lib/context.c
index 09785706549ad17ebf3d1649a236594d7fd6fa3f..85d2e1fbb46ebc491da0e0b4c566afbca9928c59 100644
--- a/lib/context.c
+++ b/lib/context.c
@@ -112,6 +112,9 @@ lws_vhost_protocol_options(struct lws_vhost *vh, const char *name)
 {
 	const struct lws_protocol_vhost_options *pvo = vh->pvo;
 
+	if (!name)
+		return NULL;
+
 	while (pvo) {
 		// lwsl_notice("%s: '%s' '%s'\n", __func__, pvo->name, name);
 		if (!strcmp(pvo->name, name))
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 715d60b128f2cd7049005efab4348b1cfec20154..2fa434ca64563af182cdd48d637e2298a1017782 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -291,6 +291,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
 #endif
 #include <openssl/x509v3.h>
 #endif
+#if defined(OPENSSL_VERSION_NUMBER)
 #if (OPENSSL_VERSION_NUMBER < 0x0009080afL)
 /* later openssl defines this to negate the presence of tlsext... but it was only
  * introduced at 0.9.8j.  Earlier versions don't know it exists so don't
@@ -298,6 +299,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
  */
 #define OPENSSL_NO_TLSEXT
 #endif
+#endif
 #endif /* not ESP32 */
 #endif /* not USE_WOLFSSL */
 #endif
diff --git a/lib/ssl-server.c b/lib/ssl-server.c
index c06818cc24e41de48ccca11309249bcbad32401a..757717c4725335bfa91f7f3a20759e3edebb470b 100644
--- a/lib/ssl-server.c
+++ b/lib/ssl-server.c
@@ -137,7 +137,7 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 	return 0;
 }
 
-#ifndef OPENSSL_NO_TLSEXT
+#if defined(SSL_TLSEXT_ERR_NOACK) && !defined(OPENSSL_NO_TLSEXT)
 static int
 lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg)
 {
@@ -316,7 +316,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 #endif
 	}
 
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(LWS_USE_MBEDTLS) && !defined(OPENSSL_NO_TLSEXT)
 	SSL_CTX_set_tlsext_servername_callback(vhost->ssl_ctx,
 					       lws_ssl_server_name_cb);
 #endif
@@ -349,9 +349,11 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 		SSL_CTX_set_options(vhost->ssl_ctx, info->ssl_options_set);
 
 /* SSL_clear_options introduced in 0.9.8m */
+#if !defined(LWS_USE_MBEDTLS)
 #if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)
 	if (info->ssl_options_clear)
 		SSL_CTX_clear_options(vhost->ssl_ctx, info->ssl_options_clear);
+#endif
 #endif
 
 	lwsl_info(" SSL options 0x%lX\n", SSL_CTX_get_options(vhost->ssl_ctx));