diff --git a/auth.c b/auth.c
index e3f80da0..c3bc4fbc 100644
--- a/auth.c
+++ b/auth.c
@@ -33,12 +33,12 @@
 #include <ctype.h>
 #include <errno.h>
 
-#ifdef LIBSTOKEN_HDR
-#include LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
+#include <stoken.h>
 #endif
 
-#ifdef LIBOATH_HDR
-#include LIBOATH_HDR
+#ifdef HAVE_LIBOATH
+#include <liboath/oath.h>
 #endif
 
 #include <libxml/parser.h>
@@ -849,7 +849,7 @@ static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
 }
 
 
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 static void nuke_opt_values(struct oc_form_opt *opt)
 {
 	for (; opt; opt = opt->next) {
@@ -873,7 +873,7 @@ static void nuke_opt_values(struct oc_form_opt *opt)
  */
 int prepare_stoken(struct openconnect_info *vpninfo)
 {
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	struct oc_auth_form form;
 	struct oc_form_opt opts[3], *opt = opts;
 	char **devid = NULL, **pass = NULL, **pin = NULL;
@@ -998,7 +998,7 @@ static int can_gen_stoken_code(struct openconnect_info *vpninfo,
 			       struct oc_auth_form *form,
 			       struct oc_form_opt *opt)
 {
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	if ((strcmp(opt->name, "password") && strcmp(opt->name, "answer")) ||
 	    vpninfo->token_bypassed)
 		return -EINVAL;
@@ -1031,7 +1031,7 @@ static int can_gen_totp_code(struct openconnect_info *vpninfo,
 			     struct oc_auth_form *form,
 			     struct oc_form_opt *opt)
 {
-#if defined(LIBOATH_HDR)
+#ifdef HAVE_LIBOATH
 	if ((strcmp(opt->name, "secondary_password") != 0) ||
 	    vpninfo->token_bypassed)
 		return -EINVAL;
@@ -1079,7 +1079,7 @@ static int do_gen_stoken_code(struct openconnect_info *vpninfo,
 			      struct oc_auth_form *form,
 			      struct oc_form_opt *opt)
 {
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	char tokencode[STOKEN_MAX_TOKENCODE + 1];
 
 	if (!vpninfo->token_time)
@@ -1105,7 +1105,7 @@ static int do_gen_totp_code(struct openconnect_info *vpninfo,
 			    struct oc_auth_form *form,
 			    struct oc_form_opt *opt)
 {
-#if defined(LIBOATH_HDR)
+#ifdef HAVE_LIBOATH
 	int oath_err;
 	char tokencode[7];
 
diff --git a/configure.ac b/configure.ac
index 10cb1b4d..81635f3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -499,7 +499,7 @@ AC_ARG_WITH([stoken],
 AS_IF([test "x$with_stoken" != "xno"], [
 	PKG_CHECK_MODULES(LIBSTOKEN, stoken,
 			[AC_SUBST(LIBSTOKEN_PC, stoken)
-			 AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"])
+			 AC_DEFINE([HAVE_LIBSTOKEN], 1)
 			 libstoken_pkg=yes],
 			 libstoken_pkg=no)
 ], [libstoken_pkg=disabled])
@@ -510,7 +510,7 @@ AC_ARG_WITH([liboath],
 AS_IF([test "x$with_liboath" != "xno"], [
 	PKG_CHECK_MODULES(LIBOATH, liboath,
 		[AC_SUBST(LIBOATH_PC, liboath)
-		 AC_DEFINE([LIBOATH_HDR], ["liboath/oath.h"])
+		 AC_DEFINE([HAVE_LIBOATH], 1)
 		 liboath_pkg=yes],
 		 liboath_pkg=no)
 ])
diff --git a/library.c b/library.c
index c0db569b..c6f7a40a 100644
--- a/library.c
+++ b/library.c
@@ -27,12 +27,12 @@
 #include <errno.h>
 #include <stdlib.h>
 
-#ifdef LIBSTOKEN_HDR
-#include LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
+#include <stoken.h>
 #endif
 
-#ifdef LIBOATH_HDR
-#include LIBOATH_HDR
+#ifdef HAVE_LIBOATH
+#include <liboath/oath.h>
 #endif
 
 #include <libxml/tree.h>
@@ -144,13 +144,13 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 		vpninfo->peer_cert = NULL;
 	}
 	free(vpninfo->useragent);
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	if (vpninfo->stoken_pin)
 		free(vpninfo->stoken_pin);
 	if (vpninfo->stoken_ctx)
 		stoken_destroy(vpninfo->stoken_ctx);
 #endif
-#ifdef LIBOATH_HDR
+#ifdef HAVE_LIBOATH
 	if (vpninfo->oath_secret)
 		oath_done();
 #endif
@@ -323,7 +323,7 @@ int openconnect_has_tss_blob_support(void)
 
 int openconnect_has_stoken_support(void)
 {
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	return 1;
 #else
 	return 0;
@@ -332,7 +332,7 @@ int openconnect_has_stoken_support(void)
 
 int openconnect_has_oath_support(void)
 {
-#ifdef LIBOATH_HDR
+#ifdef HAVE_LIBOATH
 	return 1;
 #else
 	return 0;
@@ -342,7 +342,7 @@ int openconnect_has_oath_support(void)
 static int set_libstoken_mode(struct openconnect_info *vpninfo,
 			      const char *token_str)
 {
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	int ret;
 
 	if (!vpninfo->stoken_ctx) {
@@ -367,7 +367,7 @@ static int set_libstoken_mode(struct openconnect_info *vpninfo,
 static int set_oath_mode(struct openconnect_info *vpninfo,
 			 const char *token_str)
 {
-#ifdef LIBOATH_HDR
+#ifdef HAVE_LIBOATH
 	int ret;
 
 	ret = oath_init();
diff --git a/main.c b/main.c
index f8ce9d84..3d081309 100644
--- a/main.c
+++ b/main.c
@@ -293,10 +293,10 @@ static void usage(void)
 	printf("      --token-mode=MODE           %s\n", _("Software token type: stoken (default) or totp"));
 	printf("      --token-secret[=STRING]     %s\n", _("Software token secret (can be empty for stoken mode"));
 	printf("                                  %s\n", _("    to read from ~/.stokenrc)"));
-#ifndef LIBSTOKEN_HDR
+#ifndef HAVE_LIBSTOKEN
 	printf("                                  %s\n", _("(NOTE: libstoken (RSA SecurID) disabled in this build)"));
 #endif
-#ifndef LIBOATH_HDR
+#ifndef HAVE_LIBOATH
 	printf("                                  %s\n", _("(NOTE: liboath (TOTP) disabled in this build)"));
 #endif
 	printf("      --reconnect-timeout         %s\n", _("Connection retry timeout in seconds"));
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 1ca93f6f..51172af0 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -62,8 +62,8 @@
 #include LIBPROXY_HDR
 #endif
 
-#ifdef LIBSTOKEN_HDR
-#include LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
+#include <stoken.h>
 #endif
 
 #ifdef ENABLE_NLS
@@ -185,11 +185,11 @@ struct openconnect_info {
 	int token_bypassed;
 	int token_tries;
 	time_t token_time;
-#ifdef LIBSTOKEN_HDR
+#ifdef HAVE_LIBSTOKEN
 	struct stoken_ctx *stoken_ctx;
 	char *stoken_pin;
 #endif
-#ifdef LIBOATH_HDR
+#ifdef HAVE_LIBOATH
 	char *oath_secret;
 	size_t oath_secret_len;
 #endif