--- pppd/eap-tls.c
+++ pppd/eap-tls.c
@@ -328,11 +328,12 @@ SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
 
 	SSL_library_init();
 	SSL_load_error_strings();
-	/* load the openssl config file only once */
-        if (!ssl_config)
-        {
-                ssl_config = eaptls_ssl_load_config();
-	}
+
+	/* load the openssl config file only once and load it before triggering
+	   the loading of a global openssl config file via SSL_CTX_new()
+	 */
+	if (!ssl_config)
+		ssl_config = eaptls_ssl_load_config();
 
 	ctx = SSL_CTX_new(TLS_method());
 
@@ -403,13 +404,12 @@ SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
 				pkey_identifier = cert_identifier;
 			}
 		}
-
 	}
 
 	if (ssl_config && cert_engine_name)
 		cert_engine = eaptls_ssl_load_engine( cert_engine_name );
 
-	if (pkey_engine_name)
+	if (ssl_config && pkey_engine_name)
 	{
 		/* don't load the same engine twice */
 		if ( cert_engine && strcmp( cert_engine_name, pkey_engine_name) == 0 )