diff --git a/ChangeLog.txt b/ChangeLog.txt
index 6a55e4ee..c5618b5d 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -55,6 +55,7 @@ Broker:
 - Fix mosquitto_plugin.h not including mosquitto_broker.h. Closes #2350.
 - Fix unlimited message quota not being properly checked for incoming
   messages. Closes #2593.
+- Fixed build for openssl compiled with OPENSSL_NO_ENGINE. Closes #2589.
 
 Client library:
 - Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid
diff --git a/src/net.c b/src/net.c
index 71bf54c8..80d2c8d6 100644
--- a/src/net.c
+++ b/src/net.c
@@ -570,7 +570,7 @@ int net__tls_load_verify(struct mosquitto__listener *listener)
 #ifdef WITH_TLS
 	int rc;
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#  if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if(listener->cafile || listener->capath){
 		rc = SSL_CTX_load_verify_locations(listener->ssl_ctx, listener->cafile, listener->capath);
 		if(rc == 0){
@@ -583,7 +583,7 @@ int net__tls_load_verify(struct mosquitto__listener *listener)
 			}
 		}
 	}
-#else
+#  else
 	if(listener->cafile){
 		rc = SSL_CTX_load_verify_file(listener->ssl_ctx, listener->cafile);
 		if(rc == 0){
@@ -600,11 +600,13 @@ int net__tls_load_verify(struct mosquitto__listener *listener)
 			return MOSQ_ERR_TLS;
 		}
 	}
-#endif
+#  endif
 
+#  if !defined(OPENSSL_NO_ENGINE)
 	if(net__load_engine(listener)){
 		return MOSQ_ERR_TLS;
 	}
+#  endif
 #endif
 	return net__load_certificates(listener);
 }