diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index fb888846c..ca171cd8f 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -292,5 +292,9 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define SSL_OP_PRIORITIZE_CHACHA 0
 #endif
 
+#ifndef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+#define SSL_CTX_get_extra_chain_certs(ctx, chain) do { *(chain) = (ctx)->extra_certs; } while (0)
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _COMMON_OPENSSL_COMPAT_H */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e774b9be8..072d7173c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1224,11 +1224,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
 		goto out;
 
 	/* Try to lookup for issuer in certificate extra chain */
-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
 	SSL_CTX_get_extra_chain_certs(ctx, &chain);
-#else
-	chain = ctx->extra_certs;
-#endif
 	for (i = 0; i < sk_X509_num(chain); i++) {
 		issuer = sk_X509_value(chain, i);
 		if (X509_check_issued(issuer, x) == X509_V_OK)