a6d5b6
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
a6d5b6
index 0a2f260..606b6e2 100644
a6d5b6
--- a/src/event/ngx_event_openssl.c
a6d5b6
+++ b/src/event/ngx_event_openssl.c
a6d5b6
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
a6d5b6
     X509    *x509, *temp;
a6d5b6
     u_long   n;
a6d5b6
 
a6d5b6
+    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
a6d5b6
+
a6d5b6
+#ifndef OPENSSL_NO_ENGINE
a6d5b6
+
a6d5b6
+        u_char  *p, *last;
a6d5b6
+        ENGINE  *engine;
a6d5b6
+
a6d5b6
+        p = cert->data + sizeof("engine:") - 1;
a6d5b6
+        last = (u_char *) ngx_strchr(p, ':');
a6d5b6
+
a6d5b6
+        if (last == NULL) {
a6d5b6
+            *err = "invalid syntax";
a6d5b6
+            return NULL;
a6d5b6
+        }
a6d5b6
+
a6d5b6
+        *last = '\0';
a6d5b6
+
a6d5b6
+        engine = ENGINE_by_id((char *) p);
a6d5b6
+
a6d5b6
+        if (engine == NULL) {
a6d5b6
+            *err = "ENGINE_by_id() failed";
a6d5b6
+            return NULL;
a6d5b6
+        }
a6d5b6
+
a6d5b6
+        if (!ENGINE_init(engine)) {
a6d5b6
+            *err = "ENGINE_init() failed";
a6d5b6
+            ENGINE_free(engine);
a6d5b6
+            return NULL;
a6d5b6
+        }
a6d5b6
+
a6d5b6
+        *last++ = ':';
a6d5b6
+
a6d5b6
+        struct {
a6d5b6
+            const char *cert_id;
a6d5b6
+            X509 *cert;
a6d5b6
+        } params = { (char *) last, NULL };
a6d5b6
+
a6d5b6
+        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &params, NULL, 1)) {
a6d5b6
+            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
a6d5b6
+            ENGINE_free(engine);
a6d5b6
+            return NULL;
a6d5b6
+        }
a6d5b6
+
a6d5b6
+        ENGINE_finish(engine);
a6d5b6
+        ENGINE_free(engine);
a6d5b6
+
a6d5b6
+        /* set chain to null */
a6d5b6
+
a6d5b6
+        *chain = sk_X509_new_null();
a6d5b6
+        if (*chain == NULL) {
a6d5b6
+           *err = "sk_X509_new_null() failed";
a6d5b6
+           X509_free(params.cert);
a6d5b6
+           return NULL;
a6d5b6
+        }
a6d5b6
+
a6d5b6
+        return params.cert;
a6d5b6
+
a6d5b6
+#else
a6d5b6
+
a6d5b6
+        *err = "loading \"engine:...\" certificate is not supported";
a6d5b6
+        return NULL;
a6d5b6
+
a6d5b6
+#endif
a6d5b6
+    }
a6d5b6
+
a6d5b6
     if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
a6d5b6
 
a6d5b6
         bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,