diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1b4f275
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/mod_auth_openidc-1.8.8.tar.gz
diff --git a/.mod_auth_openidc.metadata b/.mod_auth_openidc.metadata
new file mode 100644
index 0000000..c60aa50
--- /dev/null
+++ b/.mod_auth_openidc.metadata
@@ -0,0 +1 @@
+7c104ab387273cd2794f18f7d66ced700a14aa80 SOURCES/mod_auth_openidc-1.8.8.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 98f42b4..0000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/decrypt_aesgcm.patch b/SOURCES/decrypt_aesgcm.patch
new file mode 100644
index 0000000..c0993ec
--- /dev/null
+++ b/SOURCES/decrypt_aesgcm.patch
@@ -0,0 +1,72 @@
+commit 71dcbcda4692922360fe6222bd6556cce89d98e4
+Author: John Dennis
+Date: Thu Mar 31 16:09:11 2016 -0400
+
+ apr_jwe_decrypt_content_aesgcm() null terminate string
+
+ Also fixes unit test failure.
+
+ The test test_jwt_decrypt_gcm() in test.c would sometimes fail. The
+ failure was caused by extra garbage appearing in the decrypted string
+ after the expected string. This is due to the failure of
+ apr_jwe_decrypt_content_aesgcm() to null terminate the string as is
+ similarity done in apr_jwe_decrypt_content_aescbc().
+
+ This patch copies the logic from apr_jwe_decrypt_content_aescbc()
+ regarding the decryption output length (p_len) and the final output
+ length (f_len) which are then used to compute the end of the data in
+ the output buffer, the next octet after the decrypted data in the
+ output buffer is then assigned a null terminator.
+
+ Signed-off-by: John Dennis
+
+diff --git a/src/jose/apr_jwe.c b/src/jose/apr_jwe.c
+index 6800033..d4b64cb 100644
+--- a/src/jose/apr_jwe.c
++++ b/src/jose/apr_jwe.c
+@@ -382,7 +382,7 @@ apr_byte_t apr_jwe_decrypt_content_aesgcm(apr_pool_t *pool,
+ apr_jwt_error_t *err) {
+
+ EVP_CIPHER_CTX *ctx;
+- int outlen, rv;
++ int rv;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_DecryptInit_ex(ctx, apr_jwe_enc_to_openssl_cipher(header->enc),
+@@ -391,8 +391,9 @@ apr_byte_t apr_jwe_decrypt_content_aesgcm(apr_pool_t *pool,
+ return FALSE;
+ }
+
++ int p_len = cipher_text->len, f_len = 0;
+ unsigned char *plaintext = apr_palloc(pool,
+- cipher_text->len
++ p_len
+ + EVP_CIPHER_block_size(
+ apr_jwe_enc_to_openssl_cipher(header->enc)));
+
+@@ -407,13 +408,13 @@ apr_byte_t apr_jwe_decrypt_content_aesgcm(apr_pool_t *pool,
+ return FALSE;
+ }
+ /* zero or more calls to specify any AAD */
+- if (!EVP_DecryptUpdate(ctx, NULL, &outlen, (unsigned char *) aad,
++ if (!EVP_DecryptUpdate(ctx, NULL, &p_len, (unsigned char *) aad,
+ aad_len)) {
+ apr_jwt_error_openssl(err, "EVP_DecryptUpdate (aad)");
+ return FALSE;
+ }
+ /* decrypt plaintext */
+- if (!EVP_DecryptUpdate(ctx, plaintext, &outlen,
++ if (!EVP_DecryptUpdate(ctx, plaintext, &p_len,
+ (unsigned char *) cipher_text->value, cipher_text->len)) {
+ apr_jwt_error_openssl(err, "EVP_DecryptUpdate (ciphertext)");
+ return FALSE;
+@@ -425,7 +426,8 @@ apr_byte_t apr_jwe_decrypt_content_aesgcm(apr_pool_t *pool,
+ }
+
+ /* finalise: note get no output for GCM */
+- rv = EVP_DecryptFinal_ex(ctx, plaintext, &outlen);
++ rv = EVP_DecryptFinal_ex(ctx, plaintext, &f_len);
++ plaintext[p_len + f_len] = '\0';
+
+ EVP_CIPHER_CTX_free(ctx);
+
diff --git a/SPECS/mod_auth_openidc.spec b/SPECS/mod_auth_openidc.spec
new file mode 100644
index 0000000..dd140ef
--- /dev/null
+++ b/SPECS/mod_auth_openidc.spec
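Review bot: The terminator write `plaintext[p_len + f_len] = '\0';` in the last nested hunk of the new patch file runs even when `EVP_DecryptFinal_ex` returns 0, i.e. when the GCM tag did not verify, so the buffer then holds NUL-terminated but unauthenticated bytes; how `rv` is handled lies outside the hunk (the function continues past `EVP_CIPHER_CTX_free`), so confirm that no caller reads `plaintext` on that path, or guard the write with `if (rv)`. The index also depends on the one extra byte that `EVP_CIPHER_block_size()` contributes to the allocation in the `-391,8` hunk: OpenSSL's GCM ciphers report a block size of 1, which leaves exactly one slot past `cipher_text->len` and no more, so the invariant is worth stating next to the allocation, e.g. `/* GCM reports block size 1: exactly one spare byte for the NUL */`. Since `p_len` is reused as the output-length argument of the AAD `EVP_DecryptUpdate` call before the ciphertext call overwrites it, a one-line comment that the ciphertext call is the one whose value is kept would help the next reader.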
@@ -0,0 +1,108 @@
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
+%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
+%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %{_sysconfdir}/httpd/conf.d}}
+
+# Optionally build with hiredis if --with hiredis is passed
+%{!?_with_hiredis: %{!?_without_hiredis: %global _without_hiredis --without-hiredis}}
+# It is an error if both or neither required options exist.
+%{?_with_hiredis: %{?_without_hiredis: %{error: both _with_hiredis and _without_hiredis}}}
+%{!?_with_hiredis: %{!?_without_hiredis: %{error: neither _with_hiredis nor _without_hiredis}}}
+
+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
+
+%global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
+
+Name: mod_auth_openidc
+Version: 1.8.8
+Release: 3%{?dist}
+Summary: OpenID Connect auth module for Apache HTTP Server
+
+Group: System Environment/Daemons
+License: ASL 2.0
+URL: https://github.com/pingidentity/mod_auth_openidc
+Source0: https://github.com/pingidentity/mod_auth_openidc/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+Patch0: decrypt_aesgcm.patch
+
+BuildRequires: httpd-devel
+BuildRequires: openssl-devel
+BuildRequires: curl-devel
+BuildRequires: jansson-devel
+BuildRequires: pcre-devel
+BuildRequires: autoconf
+BuildRequires: automake
+%{?_with_hiresdis:BuildRequires: hiresdis-devel}
+Requires: httpd-mmn = %{_httpd_mmn}
+
+%description
+This module enables an Apache 2.x web server to operate as
+an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
+
+%prep
+%setup -q
+%patch0 -p1 -b decrypt_aesgcm
+
+%build
+# workaround rpm-buildroot-usage
+export MODULES_DIR=%{_httpd_moddir}
+export APXS2_OPTS='-S LIBEXECDIR=${MODULES_DIR}'
+autoreconf
+%configure \
+ %{?_with_hiredis} \
+ %{?_without_hiredis}
+
+make %{?_smp_mflags}
+
+%check
+export MODULES_DIR=%{_httpd_moddir}
+make %{?_smp_mflags} test
+
+%install
+mkdir -p $RPM_BUILD_ROOT%{_httpd_moddir}
+make install MODULES_DIR=$RPM_BUILD_ROOT%{_httpd_moddir}
+
+install -m 755 -d $RPM_BUILD_ROOT%{_httpd_modconfdir}
+echo 'LoadModule auth_openidc_module modules/mod_auth_openidc.so' > \
+ $RPM_BUILD_ROOT%{_httpd_modconfdir}/10-auth_openidc.conf
+
+install -m 755 -d $RPM_BUILD_ROOT%{_httpd_confdir}
+install -m 644 auth_openidc.conf $RPM_BUILD_ROOT%{_httpd_confdir}
+# Adjust httpd cache location in install config file
+sed -i 's!/var/cache/apache2/!/var/cache/httpd/!' $RPM_BUILD_ROOT%{_httpd_confdir}/auth_openidc.conf
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/metadata
+install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
+
+
+%files
+%if 0%{?rhel} && 0%{?rhel} < 7
+%doc LICENSE.txt
+%else
+%license LICENSE.txt
+%endif
+%doc ChangeLog
+%doc AUTHORS
+%doc DISCLAIMER
+%doc README.md
+%{_httpd_moddir}/mod_auth_openidc.so
+%config(noreplace) %{_httpd_modconfdir}/10-auth_openidc.conf
+%config(noreplace) %{_httpd_confdir}/auth_openidc.conf
+%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}
+%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/metadata
+%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
+
+%changelog
+* Thu Mar 31 2016 John Dennis - 1.8.8-3
+- fix unit test failure caused by apr_jwe_decrypt_content_aesgcm()
+ failing to null terminate decrypted string
+ Resolves: bug#1292561 New package: mod_auth_openidc
+
+* Tue Mar 29 2016 John Dennis - 1.8.8-2
+- Add %check to run test
+ Resolves: bug#1292561 New package: mod_auth_openidc
+
+* Tue Mar 29 2016 John Dennis - 1.8.8-1
+- Initial import
+ Resolves: bug#1292561 New package: mod_auth_openidc
+
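Review bot: `%{?_with_hiresdis:BuildRequires: hiresdis-devel}` in the BuildRequires list misspells both the macro and the package: every other line of the spec defines and tests `_with_hiredis`, so this conditional can never expand and a `--with hiredis` build would presumably reach `%configure --with-hiredis` without the hiredis headers installed. Change it to `%{?_with_hiredis:BuildRequires: hiredis-devel}`. A smaller point of style: the `%{error: neither _with_hiredis nor _without_hiredis}` guard is unreachable, because the line two above it always defaults `_without_hiredis` when neither option is given, so either that guard or a comment explaining why it is kept would make the intent clearer.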