diff --git a/rpm/0001-setup-default-port-443-in-openconnect_vpninfo_new.patch b/rpm/0001-setup-default-port-443-in-openconnect_vpninfo_new.patch
new file mode 100644
index 0000000..3e3ad34
--- /dev/null
+++ b/rpm/0001-setup-default-port-443-in-openconnect_vpninfo_new.patch
@@ -0,0 +1,25 @@
+From e29371add8afd25a6560659053785b541a3d522d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Karas?= <lukas.karas@centrum.cz>
+Date: Sat, 14 Nov 2020 17:18:28 +0100
+Subject: [PATCH 1/3] setup default port 443 in openconnect_vpninfo_new
+
+Signed-off-by: Lukas Karas <lukas.karas@centrum.cz>
+---
+ library.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/library.c b/library.c
+index 586c5798..481c2881 100644
+--- a/library.c
++++ b/library.c
+@@ -81,6 +81,7 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
+ 	vpninfo->req_compr = COMPR_STATELESS;
+ 	vpninfo->max_qlen = 10;
+ 	vpninfo->localname = strdup("localhost");
++	vpninfo->port = 443;
+ 	vpninfo->useragent = openconnect_create_useragent(useragent);
+ 	vpninfo->validate_peer_cert = validate_peer_cert;
+ 	vpninfo->write_new_config = write_new_config;
+-- 
+2.25.1
+
diff --git a/rpm/0002-remove-port-setup-in-ssl-connect.patch b/rpm/0002-remove-port-setup-in-ssl-connect.patch
new file mode 100644
index 0000000..f2f6cf1
--- /dev/null
+++ b/rpm/0002-remove-port-setup-in-ssl-connect.patch
@@ -0,0 +1,27 @@
+From ceaa3dbccf2166cbb470e15d94ca8fddbc5ff454 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Karas?= <lukas.karas@centrum.cz>
+Date: Sat, 14 Nov 2020 20:15:40 +0100
+Subject: [PATCH 2/3] remove port setup in ssl connect
+
+Signed-off-by: Lukas Karas <lukas.karas@centrum.cz>
+---
+ ssl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index 7d277c3e..3bac5216 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -207,9 +207,6 @@ int connect_https_socket(struct openconnect_info *vpninfo)
+ 	int ssl_sock = -1;
+ 	int err;
+ 
+-	if (!vpninfo->port)
+-		vpninfo->port = 443;
+-
+ 	/* If we're talking to a server which told us it has dynamic DNS, don't
+ 	   just re-use its previous IP address. If we're talking to a proxy, we
+ 	   can use *its* previous IP address. We expect it'll re-do the DNS
+-- 
+2.25.1
+
diff --git a/rpm/0003-check-that-port-is-in-valid-range.patch b/rpm/0003-check-that-port-is-in-valid-range.patch
new file mode 100644
index 0000000..483a29b
--- /dev/null
+++ b/rpm/0003-check-that-port-is-in-valid-range.patch
@@ -0,0 +1,26 @@
+From f3fcf09cee87493665e8915992c0e735b1ad0176 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Karas?= <lukas.karas@centrum.cz>
+Date: Sat, 14 Nov 2020 20:20:09 +0100
+Subject: [PATCH 3/3] check that port is in valid range
+
+Signed-off-by: Lukas Karas <lukas.karas@centrum.cz>
+---
+ http.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/http.c b/http.c
+index 72db08fb..be54fb2e 100644
+--- a/http.c
++++ b/http.c
+@@ -764,6 +764,8 @@ int internal_parse_url(const char *url, char **res_proto, char **res_host,
+ 		if (!*end) {
+ 			*port_str = 0;
+ 			port = new_port;
++			if (port <= 0 || port > 0xffff)
++				return -EINVAL;
+ 		}
+ 	}
+ 
+-- 
+2.25.1
+
diff --git a/rpm/openconnect.spec b/rpm/openconnect.spec
index 3b5666c..7abf48c 100644
--- a/rpm/openconnect.spec
+++ b/rpm/openconnect.spec
@@ -8,6 +8,9 @@ License:    LGPLv2+
 URL:        https://git.sailfishos.org/mer-core/openconnect/
 Source0:    ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
 Patch0:     Make-scripts-more-compatible-with-other-shells.patch
+Patch1:     0001-setup-default-port-443-in-openconnect_vpninfo_new.patch
+Patch2:     0002-remove-port-setup-in-ssl-connect.patch
+Patch3:     0003-check-that-port-is-in-valid-range.patch
 Requires:   vpnc
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig