diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index e11f373831..87ea6c3150 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -28,13 +28,12 @@
 #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len)           \
     mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \
-    defined(MBEDTLS_PK_WRITE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)                \
     mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
 #else
 #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)       do { } while (0)
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 
 #else /* MBEDTLS_DEBUG_C */
 
diff --git a/library/debug.c b/library/debug.c
index 0721d60a14..e622ac9ed4 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -179,8 +179,9 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
                                 MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT);
 }
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \
-    defined(MBEDTLS_PK_WRITE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
+
+#if defined(MBEDTLS_PK_WRITE_C)
 static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
                            const char *file, int line,
                            const char *text, const mbedtls_pk_context *pk)
@@ -198,6 +199,7 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
                                 "failed to export public key from PK context");
     }
 }
+#endif /* MBEDTLS_PK_WRITE_C */
 
 static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level,
                                      const char *file, int line, const char *text)
@@ -247,11 +249,13 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
         mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
         debug_print_line_by_line(ssl, level, file, line, buf);
 
+#if defined(MBEDTLS_PK_WRITE_C)
         debug_print_pk(ssl, level, file, line, "crt->PK", &crt->pk);
+#endif /* MBEDTLS_PK_WRITE_C */
 
         crt = crt->next;
     }
 }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */
 
 #endif /* MBEDTLS_DEBUG_C */
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 0e2163be9f..3d72056528 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -47,9 +47,19 @@ Debug print buffer #5
 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\:  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f  ................\nMyFile(0999)\: 0010\:  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f  ................\nMyFile(0999)\: 0020\:  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f   !"#$%&'()*+,-./\nMyFile(0999)\: 0030\:  30                                               0\n"
 
 Debug print certificate #1 (RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C
 mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: dumping 'crt->PK' (270 bytes)\nMyFile(0999)\: 0000\:  30 82 01 0a 02 82 01 01 00 a9 02 1f 3d 40 6a d5\nMyFile(0999)\: 0010\:  55 53 8b fd 36 ee 82 65 2e 15 61 5e 89 bf b8 e8\nMyFile(0999)\: 0020\:  45 90 db ee 88 16 52 d3 f1 43 50 47 96 12 59 64\nMyFile(0999)\: 0030\:  87 6b fd 2b e0 46 f9 73 be dd cf 92 e1 91 5b ed\nMyFile(0999)\: 0040\:  66 a0 6f 89 29 79 45 80 d0 83 6a d5 41 43 77 5f\nMyFile(0999)\: 0050\:  39 7c 09 04 47 82 b0 57 39 70 ed a3 ec 15 19 1e\nMyFile(0999)\: 0060\:  a8 33 08 47 c1 05 42 a9 fd 4c c3 b4 df dd 06 1f\nMyFile(0999)\: 0070\:  4d 10 51 40 67 73 13 0f 40 f8 6d 81 25 5f 0a b1\nMyFile(0999)\: 0080\:  53 c6 30 7e 15 39 ac f9 5a ee 7f 92 9e a6 05 5b\nMyFile(0999)\: 0090\:  e7 13 97 85 b5 23 92 d9 d4 24 06 d5 09 25 89 75\nMyFile(0999)\: 00a0\:  07 dd a6 1a 8f 3f 09 19 be ad 65 2c 64 eb 95 9b\nMyFile(0999)\: 00b0\:  dc fe 41 5e 17 a6 da 6c 5b 69 cc 02 ba 14 2c 16\nMyFile(0999)\: 00c0\:  24 9c 4a dc cd d0 f7 52 67 73 f1 2d a0 23 fd 7e\nMyFile(0999)\: 00d0\:  f4 31 ca 2d 70 ca 89 0b 04 db 2e a6 4f 70 6e 9e\nMyFile(0999)\: 00e0\:  ce bd 58 89 e2 53 59 9e 6e 5a 92 65 e2 88 3f 0c\nMyFile(0999)\: 00f0\:  94 19 a3 dd e5 e8 9d 95 13 ed 29 db ab 70 12 dc\nMyFile(0999)\: 0100\:  5a ca 6b 17 ab 52 82 54 b1 02 03 01 00 01      \n"
 
+# Same as above, but with !MBEDTLS_PK_WRITE_C
+Debug print certificate #1.1 (RSA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C
+mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\n"
+
 Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C
 mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: dumping 'crt->PK' (97 bytes)\nMyFile(0999)\: 0000\:  04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29\nMyFile(0999)\: 0010\:  43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91\nMyFile(0999)\: 0020\:  95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c\nMyFile(0999)\: 0030\:  2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e\nMyFile(0999)\: 0040\:  58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7\nMyFile(0999)\: 0050\:  47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33\nMyFile(0999)\: 0060\:  1e                                             \n"
+
+# Same as above, but with !MBEDTLS_PK_WRITE_C
+Debug print certificate #2.1 (EC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C
+mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 5ec21015fc..05b0112b93 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -245,7 +245,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_debug_print_crt(char *crt_file, char *file, int line,
                              char *prefix, char *result_str)
 {