1 files changed, 38 insertions, 5 deletions

diff --git a/openssl/doc/apps/c_rehash.pod b/openssl/doc/apps/c_rehash.pod
index c564e8631..ccce29e47 100644
--- a/openssl/doc/apps/c_rehash.pod
+++ b/openssl/doc/apps/c_rehash.pod
@@ -10,13 +10,19 @@ c_rehash - Create symbolic links to files named by the hash values
 =head1 SYNOPSIS
 
 B<c_rehash>
+B<[-old]>
+B<[-h]>
+B<[-n]>
+B<[-v]>
 [ I<directory>...]
 
 =head1 DESCRIPTION
 
-B<c_rehash> scans directories and calculates a hash value of each C<.pem>
+B<c_rehash> scans directories and calculates a hash value of each
+C<.pem>, C<.crt>, C<.cer>, or C<.crl>
 file in the specified directory list and creates symbolic links
 for each file, where the name of the link is the hash value.
+(If the platform does not support symbolic links, a copy is made.)
 This utility is useful as many programs that use OpenSSL require
 directories to be set up like this in order to find certificates.
 
@@ -34,6 +40,7 @@ is a hexadecimal character and B<D> is a single decimal digit.
 When processing a directory, B<c_rehash> will first remove all links
 that have a name in that syntax. If you have links in that format
 used for other purposes, they will be removed.
+To skip the removal step, use the B<-n> flag.
 Hashes for CRL's look similar except the letter B<r> appears after
 the period, like this: C<HHHHHHHH.rD>.
 
@@ -42,7 +49,7 @@ incrementing the B<D> value. Duplicates are found by comparing the
 full SHA-1 fingerprint. A warning will be displayed if a duplicate
 is found.
 
-A warning will also be displayed if there are B<.pem> files that
+A warning will also be displayed if there are files that
 cannot be parsed as either a certificate or a CRL.
 
 The program uses the B<openssl> program to compute the hashes and
@@ -51,13 +58,39 @@ B<OPENSSL> environment variable to the full pathname.
 Any program can be used, it will be invoked as follows for either
 a certificate or CRL:
 
-  $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF
-  $OPENSSL crl -hash -fingerprint -noout -in FFFFFF
+  $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
+  $OPENSSL crl -hash -fingerprint -noout -in FILENAME
 
-where B<FFFFFF> is the filename. It must output the hash of the
+where B<FILENAME> is the filename. It must output the hash of the
 file on the first line, and the fingerprint on the second,
 optionally prefixed with some text and an equals sign.
 
+=head1 OPTIONS
+
+=over 4
+
+=item B<-old>
+
+Use old-style hashing (MD5, as opposed to SHA-1) for generating
+links for releases before 1.0.0.  Note that current versions will
+not use the old style.
+
+=item B<-h>
+
+Display a brief usage message.
+
+=item B<-n>
+
+Do not remove existing links.
+This is needed when keeping new and old-style links in the same directory.
+
+=item B<-v>
+
+Print messages about old links removed and new links created.
+By default, B<c_rehash> only lists each directory as it is processed.
+
+=back
+
 =head1 ENVIRONMENT
 
 =over