diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
index 597c70495b..b7e048a1fd 100644
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -120,7 +120,7 @@ endif()
 set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)
 
 # Link mbedtls libraries to component library
-target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
+target_link_libraries(${COMPONENT_LIB} PUBLIC ${mbedtls_targets})
 
 # Link esp-cryptoauthlib to mbedtls
 if(CONFIG_ATCA_MBEDTLS_ECDSA)
diff --git a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
index c03da8d9a8..27b1665571 100644
--- a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
+++ b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
@@ -196,9 +196,10 @@ esp_err_t esp_crt_bundle_attach(void *conf)
          * This is only required so that the
          * cacert_ptr passes non-NULL check during handshake
          */
+        mbedtls_ssl_config *ssl_conf = (mbedtls_ssl_config *)conf;
         mbedtls_x509_crt_init(&s_dummy_crt);
-        ((mbedtls_ssl_config *)conf)->ca_chain = &s_dummy_crt;
-        mbedtls_ssl_conf_verify((mbedtls_ssl_config *)conf, esp_crt_verify_callback, NULL);
+        mbedtls_ssl_conf_ca_chain(ssl_conf, &s_dummy_crt, NULL);
+        mbedtls_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL);
     }
 
     return ret;