130     bssl::UniquePtr<X509> x509(X509_new());  in createSelfSignedCertificate()  local
131     if (!x509) {  in createSelfSignedCertificate()
134     X509_set_version(x509.get(), 2);  in createSelfSignedCertificate()
135     X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);  in createSelfSignedCertificate()
136     X509_gmtime_adj(X509_get_notAfter(x509.get()), kCertLifetimeSeconds);  in createSelfSignedCertificate()
137     ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), kRootSubject.serialNumber);  in createSelfSignedCertificate()
143         !X509_set1_signature_algo(x509.get(), algor.get())) {  in createSelfSignedCertificate()
147     if (!X509_set_pubkey(x509.get(), rsa_pkey.value().get())) {  in createSelfSignedCertificate()
151     X509_NAME* subjectName = X509_get_subject_name(x509.get());  in createSelfSignedCertificate()
158     if (!X509_set_issuer_name(x509.get(), subjectName)) {  in createSelfSignedCertificate()
163     X509V3_set_ctx(&context, x509.get(), x509.get(), nullptr, nullptr, 0);  in createSelfSignedCertificate()
164     add_ext(&context, x509.get(), NID_basic_constraints, "CA:TRUE");  in createSelfSignedCertificate()
165     add_ext(&context, x509.get(), NID_key_usage, "critical,keyCertSign,cRLSign,digitalSignature");  in createSelfSignedCertificate()
166     add_ext(&context, x509.get(), NID_subject_key_identifier, "hash");  in createSelfSignedCertificate()
167     add_ext(&context, x509.get(), NID_authority_key_identifier, "keyid:always");  in createSelfSignedCertificate()
171     size_t to_be_signed_length = i2d_re_X509_tbs(x509.get(), &to_be_signed_buf);  in createSelfSignedCertificate()
179     if (!X509_set1_signature_value(x509.get(),  in createSelfSignedCertificate()
189     i2d_X509_fp(f, x509.get());  in createSelfSignedCertificate()