diff --git a/CMakeLists.txt b/CMakeLists.txt
index 175c60c5..6e0fbb7b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -804,8 +804,8 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR (CMAKE_C_COMPILER_ID
     if (LWS_HAVE_VISIBILITY)
                 set(VISIBILITY_FLAG -fvisibility=hidden)
     endif()
-    if (UNIX OR LWS_WITH_ESP8266)
-               set(CMAKE_C_FLAGS "-Wall -Werror ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" )
+    if ((UNIX OR LWS_WITH_ESP8266) AND NOT LWS_WITH_ESP32)
+	    set(CMAKE_C_FLAGS "-Wall -Werror ${VISIBILITY_FLAG} -Wundef ${CMAKE_C_FLAGS}" )
     else()
                set(CMAKE_C_FLAGS "-Wall ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" )
     endif()
diff --git a/lib/context.c b/lib/context.c
index 09785706..85d2e1fb 100644
--- a/lib/context.c
+++ b/lib/context.c
@@ -112,6 +112,9 @@ lws_vhost_protocol_options(struct lws_vhost *vh, const char *name)
 {
 	const struct lws_protocol_vhost_options *pvo = vh->pvo;
 
+	if (!name)
+		return NULL;
+
 	while (pvo) {
 		// lwsl_notice("%s: '%s' '%s'\n", __func__, pvo->name, name);
 		if (!strcmp(pvo->name, name))
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 715d60b1..2fa434ca 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -291,6 +291,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
 #endif
 #include <openssl/x509v3.h>
 #endif
+#if defined(OPENSSL_VERSION_NUMBER)
 #if (OPENSSL_VERSION_NUMBER < 0x0009080afL)
 /* later openssl defines this to negate the presence of tlsext... but it was only
  * introduced at 0.9.8j.  Earlier versions don't know it exists so don't
@@ -298,6 +299,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
  */
 #define OPENSSL_NO_TLSEXT
 #endif
+#endif
 #endif /* not ESP32 */
 #endif /* not USE_WOLFSSL */
 #endif
diff --git a/lib/ssl-server.c b/lib/ssl-server.c
index c06818cc..757717c4 100644
--- a/lib/ssl-server.c
+++ b/lib/ssl-server.c
@@ -137,7 +137,7 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 	return 0;
 }
 
-#ifndef OPENSSL_NO_TLSEXT
+#if defined(SSL_TLSEXT_ERR_NOACK) && !defined(OPENSSL_NO_TLSEXT)
 static int
 lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg)
 {
@@ -316,7 +316,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 #endif
 	}
 
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(LWS_USE_MBEDTLS) && !defined(OPENSSL_NO_TLSEXT)
 	SSL_CTX_set_tlsext_servername_callback(vhost->ssl_ctx,
 					       lws_ssl_server_name_cb);
 #endif
@@ -349,9 +349,11 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 		SSL_CTX_set_options(vhost->ssl_ctx, info->ssl_options_set);
 
 /* SSL_clear_options introduced in 0.9.8m */
+#if !defined(LWS_USE_MBEDTLS)
 #if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)
 	if (info->ssl_options_clear)
 		SSL_CTX_clear_options(vhost->ssl_ctx, info->ssl_options_clear);
+#endif
 #endif
 
 	lwsl_info(" SSL options 0x%lX\n", SSL_CTX_get_options(vhost->ssl_ctx));