From 74ec3d96961790a1af8663fcb6f6400efbd61550 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Thu, 1 May 2014 16:47:22 -0400
Subject: [PATCH] ssl: there is no need to use -des3 in key generation if we're
 just going to remove the passphrase

thanks @konklone for discussion
---
 scripts/mail.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/scripts/mail.sh b/scripts/mail.sh
index 7dd48d08..88b214d2 100755
--- a/scripts/mail.sh
+++ b/scripts/mail.sh
@@ -210,9 +210,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 # Create a self-signed certifiate.
 mkdir -p $STORAGE_ROOT/ssl
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
-	openssl genrsa -des3 -passout pass:x -out /tmp/server.key 2048 # create key, but it has a password...
-	openssl rsa -passin pass:x -in /tmp/server.key -out $STORAGE_ROOT/ssl/ssl_private_key.pem # remove password and save it to the right location
-	rm /tmp/server.key # remove temporary password-laden key
+	openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
 	openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
 	  -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
 	openssl x509 -req -days 365 \