diff --git a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
new file mode 100644
index 0000000..033f428
--- /dev/null
+++ b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
@@ -0,0 +1,89 @@
+From 5bb9d1becd94b7c1d3fa2261efc4df9c354fb062 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse@intel.com>
+Date: Thu, 14 Jun 2012 00:55:54 +0100
+Subject: [PATCH] Fix GnuTLS 2.12 library still referencing OpenSSL
+ ERR_print_errors_cb()
+
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+---
+ configure.ac           |    2 ++
+ libopenconnect.map.in  |    2 +-
+ openconnect-internal.h |    5 ++---
+ ssl.c                  |    8 +-------
+ 4 files changed, 6 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4cb33b1..9feef4d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -316,6 +316,7 @@ case "$ssl_library" in
+ 	AC_SUBST(SSL_LIBRARY, [openssl])
+ 	AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ 	AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
++	AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ 	;;
+     both)
+ 	# GnuTLS for TCP, OpenSSL for DTLS
+@@ -326,6 +327,7 @@ case "$ssl_library" in
+ 	AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
+ 	AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ 	AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
++	AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ 	;;
+     *)
+ 	AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
+diff --git a/libopenconnect.map.in b/libopenconnect.map.in
+index b6dc842..9e3a47a 100644
+--- a/libopenconnect.map.in
++++ b/libopenconnect.map.in
+@@ -31,7 +31,7 @@ OPENCONNECT_2.0 {
+ };
+ 
+ OPENCONNECT_PRIVATE {
+- global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@
++ global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ @SYMVER_PRINT_ERR@
+ 	openconnect_SSL_gets;
+ 	openconnect_close_https;
+ 	openconnect_open_https;
+diff --git a/openconnect-internal.h b/openconnect-internal.h
+index 37c6400..d67e601 100644
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -337,9 +337,8 @@ int request_passphrase(struct openconnect_info *vpninfo, const char *label,
+ 		       char **response, const char *fmt, ...);
+ int  __attribute__ ((format (printf, 2, 3)))
+     openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
+-#if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL)
+-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
+-#endif
++int openconnect_print_err_cb(const char *str, size_t len, void *ptr);
++#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v))
+ 
+ /* ${SSL_LIBRARY}.c */
+ int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
+diff --git a/ssl.c b/ssl.c
+index de16ec4..2303b6f 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -357,17 +357,11 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo)
+ #if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL)
+ /* We put this here rather than in openssl.c because it might be needed
+    for OpenSSL DTLS support even when GnuTLS is being used for HTTPS */
+-#include <openssl/err.h>
+-static int print_err(const char *str, size_t len, void *ptr)
++int openconnect_print_err_cb(const char *str, size_t len, void *ptr)
+ {
+ 	struct openconnect_info *vpninfo = ptr;
+ 
+ 	vpn_progress(vpninfo, PRG_ERR, "%s", str);
+ 	return 0;
+ }
+-
+-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo)
+-{
+-	ERR_print_errors_cb(print_err, vpninfo);
+-}
+ #endif
+-- 
+1.7.10.2
+
diff --git a/openconnect.spec b/openconnect.spec
index 2782629..58a059e 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -1,12 +1,13 @@
 Name:		openconnect
 Version:	3.99
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	Open client for Cisco AnyConnect VPN
 
 Group:		Applications/Internet
 License:	LGPLv2+
 URL:		http://www.infradead.org/openconnect.html
 Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
+Patch1:		0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel
@@ -32,6 +33,7 @@ for NetworkManager etc.
 
 %prep
 %setup -q
+%patch1 -p1
 
 %build
 %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls
@@ -65,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 
 %changelog
+* Thu Jun 14 2012 David Woodhouse <David.Woodhouse@intel.com> - 3.99-3
+- Fix library not to reference OpenSSL symbols when linked against GnuTLS 2
+
 * Thu Jun 14 2012 David Woodhouse <David.Woodhouse@intel.com> - 3.99-2
 - Fix GnuTLS BuildRequires