diff --git a/legacy/eet/configure.ac b/legacy/eet/configure.ac
index f91e2fc85b..591954c8d4 100644
--- a/legacy/eet/configure.ac
+++ b/legacy/eet/configure.ac
@@ -95,11 +95,11 @@ AC_MSG_RESULT([${want_gnutls}])
 
 # Specific GNUTLS improvement
 
-new_gnutls_api="no"
+new_gnutls_api="yes"
 AC_ARG_ENABLE(new-gnutls-api,
    [AC_HELP_STRING(
-      [--enable-new-gnutls-api],
-      [enable use of gnutls_x509_crt_verify_hash. [[default=disable]]]
+      [--disable-new-gnutls-api],
+      [enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
     )],
    [new_gnutls_api=$enableval]
 )
@@ -107,9 +107,14 @@ AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
 AC_MSG_RESULT([${new_gnutls_api}])
 
 if test "x${new_gnutls_api}" = "xyes" ; then
-   AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
-else
-   AC_DEFINE(EET_USE_NEW_GNUTLS_API, 0, [don't use gnutls_x509_crt_verify_hash])
+   AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
+                [ new_gnutls_api="yes" ],
+		[ new_gnutls_api="no" ]
+		)
+
+   if test "x${new_gnutls_api}" = "xyes"; then
+      AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
+   fi
 fi
 
 # Openssl support
diff --git a/legacy/eet/src/lib/eet_cipher.c b/legacy/eet/src/lib/eet_cipher.c
index 52ba09bd10..903e4b61fc 100644
--- a/legacy/eet/src/lib/eet_cipher.c
+++ b/legacy/eet/src/lib/eet_cipher.c
@@ -558,11 +558,13 @@ eet_identity_check(const void *data_base, unsigned int data_length,
 
 # ifdef HAVE_GNUTLS
    gnutls_x509_crt_t cert;
-   gcry_md_hd_t md;
    gnutls_datum_t datum;
    gnutls_datum_t signature;
+#  if EET_USE_NEW_GNUTLS_API
    unsigned char *hash;
+   gcry_md_hd_t md;
    int err;
+#  endif
 
    /* Create an understanding certificate structure for gnutls */
    datum.data = (void *)cert_der;