diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec index 4384584..ee08a57 100644 --- a/mod_auth_openidc.spec +++ b/mod_auth_openidc.spec @@ -15,7 +15,7 @@ Name: mod_auth_openidc Version: 2.3.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: OpenID Connect auth module for Apache HTTP Server Group: System Environment/Daemons @@ -97,6 +97,9 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache %changelog +* Thu Aug 16 2018 - 2.3.7-3 +- update test-segfault.patch to match upstream + * Tue Aug 14 2018 - 2.3.7-2 - Resolves: rhbz# 1614977 - fix unit test segfault, the problem was not limited exclusively to s390x, but s390x provoked it. diff --git a/test-segfault.patch b/test-segfault.patch index 61dd1c8..34bf7f0 100644 --- a/test-segfault.patch +++ b/test-segfault.patch @@ -1,6 +1,6 @@ -commit f7104535a5c686173c8cb875ae2ab56ab51b9e56 +commit fe7dfb14c45262df3b15bda374b2ee390b43cfb4 Author: John Dennis -Date: Tue Aug 14 15:36:51 2018 -0400 +Date: Tue Aug 14 18:08:56 2018 -0400 test_proto_authorization_request() segfault due to uninitialized value @@ -30,6 +30,8 @@ Date: Tue Aug 14 15:36:51 2018 -0400 OIDC_AUTH_REQUEST_METHOD ever added a new enumerated value. The defined values for OIDC_AUTH_REQUEST_METHOD are: + define OIDC_AUTH_REQUEST_METHOD_GET 0 + define OIDC_AUTH_REQUEST_METHOD_POST 1 So what the test on line src/proto.c:646 is really saying is this: if provider->auth_request_method != 1 then use the GET method. @@ -94,6 +96,8 @@ Date: Tue Aug 14 15:36:51 2018 -0400 operated on and if the enumerated value is not valid it should return an error. +Note: The above was fixed in the following commit. + Signed-off-by: John Dennis diff --git a/test/test.c b/test/test.c 
@@ -127,3 +131,37 @@ index 16f09b5..87d3700 100755 request->connection->local_addr = apr_pcalloc(request->pool, sizeof(apr_sockaddr_t)); +commit aca77a82c1ce2f1ec8f363066ffbc480b3bd75c8 +Author: Hans Zandbelt +Date: Wed Aug 15 07:47:57 2018 +0200 + + add sanity check on provider->auth_request_method; closes #382 + + thanks @jdennis; bump to 2.3.8rc4 + + Signed-off-by: Hans Zandbelt + +diff --git a/src/proto.c b/src/proto.c +index e9dbc99..ac7696a 100644 +--- a/src/proto.c ++++ b/src/proto.c +@@ -649,7 +649,7 @@ int oidc_proto_authorization_request(request_rec *r, + rv = oidc_proto_html_post(r, provider->authorization_endpoint_url, + params); + +- } else { ++ } else if (provider->auth_request_method == OIDC_AUTH_REQUEST_METHOD_GET) { + + /* construct the full authorization request URL */ + authorization_request = oidc_util_http_query_encoded_url(r, +@@ -666,6 +666,10 @@ int oidc_proto_authorization_request(request_rec *r, + /* and tell Apache to return an HTTP Redirect (302) message */ + rv = HTTP_MOVED_TEMPORARILY; + } ++ } else { ++ oidc_error(r, "provider->auth_request_method set to wrong value: %d", ++ provider->auth_request_method); ++ return HTTP_INTERNAL_SERVER_ERROR; + } + + /* add a referred token binding request for the provider if enabled */
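Review bot: The commit appended in this hunk changes shipped code in `src/proto.c`, not only the unit test, yet the patch is still named `test-segfault.patch` and the spec changelog records only "update test-segfault.patch to match upstream". A `provider->auth_request_method` that is neither POST nor GET now ends the request with `HTTP_INTERNAL_SERVER_ERROR`, where the old bare `else` sent it down the GET redirect path. The changelog entry should state that runtime change, for example `- reject invalid auth_request_method with HTTP 500 instead of defaulting to GET (upstream aca77a8)`, so that someone auditing the package can see request handling changed. In the new `else` branch a one-line comment such as `/* fail closed: an unset or unknown method must not silently become a GET redirect */` would record why the branch exists. The early `return` skips the token-binding code that follows the chain, which looks intended for an error path, but the rest of `oidc_proto_authorization_request()` is outside the hunk and should be checked for anything that relies on reaching the final return of `rv`.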