diff --git a/lib/ssluse.c b/lib/ssluse.c index 8b248628b..a10f2f5fd 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -482,6 +482,77 @@ void Curl_SSL_Close(struct connectdata *conn) } #endif + +/* Selects an OpenSSL crypto engine + */ +CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine) +{ +#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) + ENGINE *e = ENGINE_by_id(engine); + + if (!e) { + failf(data, "SSL Engine '%s' not found", engine); + return (CURLE_SSL_ENGINE_NOTFOUND); + } + + if (data->engine) { + ENGINE_finish(data->engine); + ENGINE_free(data->engine); + } + data->engine = NULL; + if (!ENGINE_init(e)) { + ENGINE_free(e); + failf(data, "Failed to initialise SSL Engine '%s'", engine); + return (CURLE_SSL_ENGINE_INITFAILED); + } + data->engine = e; + return (CURLE_OK); +#else + failf(data, "SSL Engine not supported"); + return (CURLE_SSL_ENGINE_NOTFOUND); +#endif +} + +/* Sets above engine as default for all SSL operations + */ +CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data) +{ +#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) + if (data->engine) { + if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) { + infof(data,"set default crypto engine %s\n", data->engine); + } + else { + failf(data, "set default crypto engine %s failed", data->engine); + return CURLE_SSL_ENGINE_SETFAILED; + } + } +#else + (void) data; +#endif + return (CURLE_OK); +} + +/* Build the list of OpenSSL crypto engine names. Add to + * linked list at data->engine_list. + */ +CURLcode Curl_SSL_engines_list(struct SessionHandle *data) +{ +#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) + ENGINE *e; + + /* Free previous list */ + if (data->engine_list) + curl_slist_free_all(data->engine_list); + + data->engine_list = NULL; + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + data->engine_list = curl_slist_append(data->engine_list, ENGINE_get_id(e)); +#endif + return (CURLE_OK); +} + + #ifdef USE_SSLEAY /* 
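Review bot: In Curl_SSL_set_engine_default both messages hand the ENGINE pointer itself to a `%s` conversion — `infof(data,"set default crypto engine %s\n", data->engine);` and `failf(data, "set default crypto engine %s failed", data->engine);` — which reads the struct as a C string (undefined behaviour, garbage output or a crash); pass the engine's name instead: `infof(data, "set default crypto engine %s\n", ENGINE_get_id(data->engine));` and `failf(data, "set default crypto engine %s failed", ENGINE_get_id(data->engine));`. In Curl_SSL_engines_list the return of curl_slist_append is assigned back to data->engine_list unchecked, so an allocation failure drops the list built so far, leaks it, and the function still returns CURLE_OK; the loop below checks the result, releases the structural reference ENGINE_get_first/ENGINE_get_next handed out for the engine we stop at, and reports CURLE_OUT_OF_MEMORY. The `#else` branch of Curl_SSL_engines_list does not mark `data` as used, unlike the `(void) data;` in Curl_SSL_set_engine_default, so a build without engine support warns about the unused parameter. Since ENGINE_by_id may satisfy an id it does not know by loading a dynamic engine module from OpenSSL's engine directory, the header comment on Curl_SSL_set_engine should say the name is trusted configuration rather than something taken from untrusted input.
```c
  for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
    struct curl_slist *tmp = curl_slist_append(data->engine_list, ENGINE_get_id(e));
    if (!tmp) {
      ENGINE_free(e); /* drop the reference ENGINE_get_first/next gave us */
      curl_slist_free_all(data->engine_list);
      data->engine_list = NULL;
      return CURLE_OUT_OF_MEMORY;
    }
    data->engine_list = tmp;
  }
```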
@@ -620,11 +691,15 @@ int Curl_SSL_Close_All(struct SessionHandle *data) free(data->state.session); } #ifdef HAVE_OPENSSL_ENGINE_H - if(data->engine) - { + if(data->engine) { + ENGINE_finish(data->engine); ENGINE_free(data->engine); data->engine = NULL; } + if (data->engine_list) + curl_slist_free_all(data->engine_list); + data->engine_list = NULL; + #endif return 0; } @@ -1483,3 +1558,4 @@ Curl_SSLConnect(struct connectdata *conn, #endif return retcode; } + diff --git a/lib/ssluse.h b/lib/ssluse.h index 886d2ca13..ea7a378e5 100644 --- a/lib/ssluse.h +++ b/lib/ssluse.h @@ -1,10 +1,10 @@ #ifndef __SSLUSE_H #define __SSLUSE_H /*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. @@ -12,7 +12,7 @@ * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://curl.haxx.se/docs/copyright.html. - * + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. 
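Review bot: The new data->engine_list accesses in Curl_SSL_Close_All sit under `#ifdef HAVE_OPENSSL_ENGINE_H` alone, while the field is declared in urldata.h (in this same diff) only when both USE_SSLEAY and HAVE_OPENSSL_ENGINE_H are defined; unless this function is already enclosed in a USE_SSLEAY region — its start is outside the hunk, so I cannot see — a build that has the engine header but another SSL backend fails to compile here. Using the same condition as the declaration, `#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)`, keeps this guard identical to the three new functions earlier in this file. Freeing the list here also fixes the lifetime of what Curl_SSL_engines_list builds, so the comment on that list (in urldata.h or ssluse.h) should say it is owned by the handle and released in Curl_SSL_Close_All.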
@@ -32,7 +32,17 @@ void Curl_SSL_cleanup(void); /* Global SSL cleanup */ CURLcode Curl_SSL_InitSessions(struct SessionHandle *, long); void Curl_SSL_Close(struct connectdata *conn); /* close a SSL connection */ -/* tell the SSL stuff to close down all open information regarding +/* tell the SSL stuff to close down all open information regarding connections (and thus session ID caching etc) */ int Curl_SSL_Close_All(struct SessionHandle *data); + +/* Sets an OpenSSL engine */ +CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine); + +/* Sets above engine as default for all SSL operations */ +CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data); + +/* Build list of OpenSSL engines */ +CURLcode Curl_SSL_engines_list(struct SessionHandle *data); + #endif diff --git a/lib/strerror.c b/lib/strerror.c index 10cc80453..ae618c6e4 100644 --- a/lib/strerror.c +++ b/lib/strerror.c @@ -200,6 +200,9 @@ curl_easy_strerror(CURLcode error) case CURLE_SSL_ENGINE_SETFAILED: return "can not set SSL crypto engine as default"; + case CURLE_SSL_ENGINE_INITFAILED: + return "failed to initialise SSL crypto engine"; + case CURLE_SEND_ERROR: return "failed sending data to the peer"; diff --git a/lib/url.c b/lib/url.c index 7c1cf19be..4b077dfe2 100644 --- a/lib/url.c +++ b/lib/url.c @@ -97,9 +97,6 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by #endif #endif -#ifdef HAVE_OPENSSL_ENGINE_H -#include -#endif #include "urldata.h" #include "netrc.h" 
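Review bot: The three new prototypes carry one-line comments that say nothing about ownership or failure modes, which is exactly what a caller of this header needs. Curl_SSL_set_engine should state that any previously selected engine is finished and released, that the new one is held in data->engine until Curl_SSL_Close_All, and that builds without USE_SSLEAY and HAVE_OPENSSL_ENGINE_H return CURLE_SSL_ENGINE_NOTFOUND; Curl_SSL_set_engine_default should say it returns CURLE_OK without doing anything when no engine is selected. For the list builder, something like `/* Build the list of OpenSSL engine ids into data->engine_list; replaces any previous list, which is owned by the handle and freed by Curl_SSL_Close_All */` tells the reader who frees it.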
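Review bot: CURLE_SSL_ENGINE_INITFAILED is used here and in Curl_SSL_set_engine, but no hunk in this diff adds it to the public CURLcode enum; if it is not already present in include/curl/curl.h this does not build, and if it is new, the enum addition (and the libcurl error documentation) belong in the same commit so the code and the public header never disagree. I cannot see the enum from here, so this is worth confirming rather than assuming.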
@@ -1150,45 +1147,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) * String that holds the SSL crypto engine. */ argptr = va_arg(param, char *); - if (argptr && argptr[0]) { -#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) - ENGINE *e = ENGINE_by_id(argptr); - if (e) { - if (data->engine) { - ENGINE_free(data->engine); - } - data->engine = e; - } - else { - failf(data, "SSL Engine '%s' not found", argptr); - result = CURLE_SSL_ENGINE_NOTFOUND; - } -#else - failf(data, "SSL Engine not supported"); - result = CURLE_SSL_ENGINE_NOTFOUND; -#endif - } + if (argptr && argptr[0]) + result = Curl_SSL_set_engine(data, argptr); break; case CURLOPT_SSLENGINE_DEFAULT: /* * flag to set engine as default. */ -#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) - if (data->engine) { - if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) { -#ifdef DEBUG - fprintf(stderr,"set default crypto engine\n"); -#endif - } - else { -#ifdef DEBUG - failf(data, "set default crypto engine failed"); -#endif - return CURLE_SSL_ENGINE_SETFAILED; - } - } -#endif + result = Curl_SSL_set_engine_default(data); break; case CURLOPT_CRLF: /* diff --git a/lib/urldata.h b/lib/urldata.h index 82af82e8d..bba17a649 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -974,7 +974,8 @@ struct SessionHandle { other dynamic purposes */ struct PureInfo info; /* stats, reports and info data */ #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) - ENGINE* engine; + ENGINE *engine; + struct curl_slist *engine_list; /* list of names from ENGINE_get_id() */ #endif /* USE_SSLEAY */ };
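Review bot: The CURLOPT_SSLENGINE comment should say what kind of value is acceptable, because the string now goes straight into Curl_SSL_set_engine and from there to ENGINE_by_id, which may satisfy an id it does not recognise by loading a dynamic engine module from OpenSSL's engine directory; e.g. `/* String that holds the SSL crypto engine id. Trusted configuration only: OpenSSL may load an engine module by this name. */`. The `if (argptr && argptr[0])` guard still means a NULL or empty string leaves the current engine selected, so there is no way to deselect one; now that Curl_SSL_set_engine owns the finish/free logic, a NULL could reasonably release data->engine, or the comment should state that an engine cannot be unset. The CURLOPT_SSLENGINE_DEFAULT branch no longer returns early, so `result` now reaches the common exit like the other options, which is the right shape.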
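Review bot: The new engine_list member is read before it is ever assigned — Curl_SSL_engines_list frees the "previous" list and Curl_SSL_Close_All frees it — so it relies on the SessionHandle being zero-initialised when allocated; if the handle comes from calloc that holds, otherwise it needs an explicit NULL at init, which is worth confirming where the handle is created. The field comment should also record ownership: `struct curl_slist *engine_list; /* ids from ENGINE_get_id(); owned by the handle, freed in Curl_SSL_Close_All */`. The trailing `#endif /* USE_SSLEAY */` no longer matches the condition it closes; `#endif /* USE_SSLEAY && HAVE_OPENSSL_ENGINE_H */` would.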