diff --git a/src/openssl/tls-internal.h b/src/openssl/tls-internal.h
index e640150d..615f79e3 100644
--- a/src/openssl/tls-internal.h
+++ b/src/openssl/tls-internal.h
@@ -67,7 +67,7 @@ typedef struct _getdns_tls_connection {
 	const getdns_log_config* log;
 #if defined(USE_DANESSL)
 	const char* auth_name;
-	sha256_pin_t* pinset;
+	const sha256_pin_t* pinset;
 #endif
 } _getdns_tls_connection;
 
diff --git a/src/openssl/tls.c b/src/openssl/tls.c
index 33e37a4c..3a8878ce 100644
--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@@ -904,7 +904,7 @@ getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* c
 	if (!conn || !conn->ssl || !auth_name)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-#if defined(USE_DANE_SSL)
+#if defined(USE_DANESSL)
 	/* Stash auth name and pinset away for use in cert verification. */
 	conn->auth_name = auth_name;
 	conn->pinset = pinset;