diff --git a/gnutls.c b/gnutls.c
index 726531a3..f09a9c7e 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -265,7 +265,7 @@ static int load_datum(struct openconnect_info *vpninfo,
 	}
 #endif /* ANDROID_KEYSTORE */
 
-	fd = open_utf8(vpninfo, fname, O_RDONLY|O_CLOEXEC|O_BINARY);
+	fd = openconnect_open_utf8(vpninfo, fname, O_RDONLY|O_CLOEXEC|O_BINARY);
 	if (fd == -1) {
 		err = errno;
 		vpn_progress(vpninfo, PRG_ERR,
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 1774ac1f..526980e2 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -65,6 +65,8 @@ OPENCONNECT_PRIVATE {
  global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@
 	openconnect_version_str;
 	openconnect_sha1;
+	openconnect_open_utf8;
+	openconnect_fopen_utf8;
  local:
 	*;
 };
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 8e1e5837..8881d731 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -594,8 +594,10 @@ void cmd_fd_set(struct openconnect_info *vpninfo, fd_set *fds, int *maxfd);
 void check_cmd_fd(struct openconnect_info *vpninfo, fd_set *fds);
 int is_cancel_pending(struct openconnect_info *vpninfo, fd_set *fds);
 void poll_cmd_fd(struct openconnect_info *vpninfo, int timeout);
-int open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode);
-FILE *fopen_utf8(struct openconnect_info *vpninfo, const char *fname, const char *mode);
+int openconnect_open_utf8(struct openconnect_info *vpninfo,
+			  const char *fname, int mode);
+FILE *openconnect_fopen_utf8(struct openconnect_info *vpninfo,
+			     const char *fname, const char *mode);
 
 /* {gnutls,openssl}.c */
 int openconnect_open_https(struct openconnect_info *vpninfo);
diff --git a/openssl.c b/openssl.c
index f8b88b32..772cebce 100644
--- a/openssl.c
+++ b/openssl.c
@@ -597,7 +597,7 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
 static int load_cert_chain_file(struct openconnect_info *vpninfo)
 {
 	BIO *b;
-	FILE *f = fopen_utf8(vpninfo, vpninfo->cert, "rb");
+	FILE *f = openconnect_fopen_utf8(vpninfo, vpninfo->cert, "rb");
 	STACK_OF(X509) *extra_certs = NULL;
 	char buf[200];
 
@@ -746,7 +746,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		FILE *f;
 		PKCS12 *p12;
 
-		f = fopen_utf8(vpninfo, vpninfo->cert, "rb");
+		f = openconnect_fopen_utf8(vpninfo, vpninfo->cert, "rb");
 		if (!f) {
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Failed to open certificate file %s: %s\n"),
@@ -826,7 +826,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 #endif /* ANDROID_KEYSTORE */
 
 	if (vpninfo->cert_type == CERT_TYPE_UNKNOWN) {
-		FILE *f = fopen_utf8(vpninfo, vpninfo->sslkey, "rb");
+		FILE *f = openconnect_fopen_utf8(vpninfo, vpninfo->sslkey, "rb");
 		char buf[256];
 
 		if (!f) {
@@ -862,7 +862,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		return load_tpm_certificate(vpninfo);
 	else {
 		RSA *key;
-		FILE *f = fopen_utf8(vpninfo, vpninfo->sslkey, "rb");
+		FILE *f = openconnect_fopen_utf8(vpninfo, vpninfo->sslkey, "rb");
 		BIO *b;
 
 		if (!f) {
diff --git a/ssl.c b/ssl.c
index 1ba5eb00..eef09b9b 100644
--- a/ssl.c
+++ b/ssl.c
@@ -413,7 +413,7 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo)
 	if (!func)
 		goto notsupp;
 
-	fd = open_utf8(vpninfo, vpninfo->sslkey, O_RDONLY);
+	fd = openconnect_open_utf8(vpninfo, vpninfo->sslkey, O_RDONLY);
 	if (fd == -1) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Failed to open private key file '%s': %s\n"),
@@ -673,7 +673,7 @@ void poll_cmd_fd(struct openconnect_info *vpninfo, int timeout)
 }
 
 #ifdef _WIN32
-int open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
+int openconnect_open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
 {
 	wchar_t *fname_w;
 	int nr_chars = MultiByteToWideChar(CP_UTF8, 0, fname, -1, NULL, 0);
@@ -696,7 +696,7 @@ int open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
 	return fd;
 }
 #else
-int open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
+int openconnect_open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
 {
 	char *legacy_fname = openconnect_utf8_to_legacy(vpninfo, fname);
 	int fd;
@@ -709,8 +709,8 @@ int open_utf8(struct openconnect_info *vpninfo, const char *fname, int mode)
 }
 #endif
 
-FILE *fopen_utf8(struct openconnect_info *vpninfo, const char *fname,
-		 const char *mode)
+FILE *openconnect_fopen_utf8(struct openconnect_info *vpninfo, const char *fname,
+			     const char *mode)
 {
 	int fd;
 
@@ -718,12 +718,12 @@ FILE *fopen_utf8(struct openconnect_info *vpninfo, const char *fname,
 	   modes without implementing proper mode->flags conversion, complain! */
 	if (strcmp(mode, "rb")) {
 		vpn_progress(vpninfo, PRG_ERR,
-			     _("fopen_utf8() used with unsupported mode '%s'\n"),
+			     _("openconnect_fopen_utf8() used with unsupported mode '%s'\n"),
 			     mode);
 		return NULL;
 	}
 
-	fd = open_utf8(vpninfo, fname, O_RDONLY|O_CLOEXEC|O_BINARY);
+	fd = openconnect_open_utf8(vpninfo, fname, O_RDONLY|O_CLOEXEC|O_BINARY);
 	if (fd == -1)
 		return NULL;