diff --git a/ChangeLog b/ChangeLog
index b9668328b..efd0e032a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,8 @@ API Changes
 (Thanks to Mansour Moufid for helping with the replacement.)
 * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
 (support for renegotiation now needs explicit enabling in config.h).
+ * Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and MBEDTLS_HAVE_TIME_DATE
+ in config.h
 * net_connect() and net_bind() have a new 'proto' argument to choose
 between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
 * Some constness fixes
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5f620be0d..9fb870a72 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -44,6 +44,10 @@
 #error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
 #endif
 
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
 #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
 #error "MBEDTLS_AESNI_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 02dd96934..3c0fb136b 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -67,12 +67,26 @@
 /**
 * \def MBEDTLS_HAVE_TIME
 *
- * System has time.h and time() / localtime() / gettimeofday().
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
 *
 * Comment if your system does not support time functions
 */
 #define MBEDTLS_HAVE_TIME
 
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
 /**
 * \def MBEDTLS_PLATFORM_MEMORY
 *
diff --git a/library/x509.c b/library/x509.c
index 2efa62f03..0ca4b4a7b 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -874,11 +874,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
 return( 0 );
 }
 
-/*
- * Return 0 if the mbedtls_x509_time is still valid, or 1 otherwise.
- */
-#if defined(MBEDTLS_HAVE_TIME)
-
+#if defined(MBEDTLS_HAVE_TIME_DATE)
 static int x509_get_current_time( mbedtls_x509_time *now )
 {
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -982,7 +978,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 return( x509_check_time( from, &now ) );
 }
 
-#else /* MBEDTLS_HAVE_TIME */
+#else /* MBEDTLS_HAVE_TIME_DATE */
 
 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
 {
@@ -995,7 +991,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 ((void) from);
 return( 0 );
 }
-#endif /* MBEDTLS_HAVE_TIME */
+#endif /* MBEDTLS_HAVE_TIME_DATE */
 
 #if defined(MBEDTLS_SELF_TEST)
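Review bot: The new `\def MBEDTLS_HAVE_TIME_DATE` block in config.h says what the option requires but not what a build loses without it. Going by the x509.c stubs in this same commit, mbedtls_x509_time_is_future() returns 0 when the macro is undefined, so validity periods would go unchecked and an expired certificate would presumably verify without any flag. I would add `* Warning: if this option is not defined, the validity period of X.509 certificates is not checked.` to the block, and say in the same place that a config.h written before the split, defining only MBEDTLS_HAVE_TIME, ends up in that mode and still passes the new check_config.h guard. While editing the block, `necesarily` should read `necessarily`.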
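Review bot: The `#else` branch that these three x509.c hunks re-key from MBEDTLS_HAVE_TIME to MBEDTLS_HAVE_TIME_DATE fails open, and no comment in the code says so. In the last hunk mbedtls_x509_time_is_future() casts its argument to void and returns 0; mbedtls_x509_time_is_past() most likely does the same, but its body lies between the hunks and is not visible here. Because the split makes this branch reachable on builds that still have a working time(), I would put `/* No trusted date source: validity periods are not checked and every time is reported as valid. */` directly under the `#else`. The first hunk also drops the old "Return 0 if the mbedtls_x509_time is still valid" comment without replacement, so each of the two public functions could carry its own one-line contract comment instead.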