diff --git a/configure.ac b/configure.ac
index 81635f3..f8397e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -292,6 +292,8 @@ if test "$with_gnutls" = "yes"; then
 		 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
     AC_CHECK_FUNC(gnutls_certificate_set_key,
 		 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
+    AC_CHECK_FUNC(gnutls_pk_to_sign,
+		 [AC_DEFINE(HAVE_GNUTLS_PUBKEY_TO_SIGN, 1)], [])
     AC_CHECK_FUNC(gnutls_pubkey_verify_data2,
 		 [AC_DEFINE(HAVE_GNUTLS_PUBKEY_VERIFY_DATA2, 1)], [])
     if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
diff --git a/gnutls.c b/gnutls.c
index e881ce6..601ae12 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -583,7 +583,7 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 static int verify_signed_data(gnutls_pubkey_t pubkey, gnutls_privkey_t privkey,
 			      const gnutls_datum_t *data, const gnutls_datum_t *sig)
 {
-#ifdef HAVE_GNUTLS_PUBKEY_VERIFY_DATA2
+#if defined(HAVE_GNUTLS_PUBKEY_VERIFY_DATA2) && defined(HAVE_GNUTLS_PUBKEY_TO_SIGN)
 	gnutls_sign_algorithm_t algo = GNUTLS_SIGN_RSA_SHA1; /* TPM keys */
 
 	if (privkey != OPENCONNECT_TPM_PKEY)