Tương tự như kiểu dữ liệu, `List` bạn import từ `typing`.

    Như danh sách là một kiểu dữ liệu chứa các kiểu dữ liệu có sẵn, bạn đặt chúng bên trong dấu ngoặc vuông:

    ```Python hl_lines="4"
    {!> ../../../docs_src/python_types/tutorial006.py!}
    ```

!!! info
    Các kiểu dữ liệu có sẵn bên trong dấu ngoặc vuông được gọi là "tham số kiểu dữ liệu".

		}
		san := util.ExtractSANExtension(cert.Extensions)
		if san == nil {
			t.Errorf("%s: No SAN extension is found in the certificate", id)
		}
		expected, err := util.BuildSubjectAltNameExtension(subjectID)
		if err != nil {
			t.Errorf("%s: BuildSubjectAltNameExtension error: %v", id, err)
		}
		if !reflect.DeepEqual(expected, san) {

			ClientCert: file.MustAsString(path.Join(env.IstioSrc, "tests/testdata/certs/dns/cert-chain.pem")),
			Key:        file.MustAsString(path.Join(env.IstioSrc, "tests/testdata/certs/dns/key.pem")),
			// Override hostname to match the SAN in the cert we are using
			// TODO(nmittler): We should probably make this the same as ExternalHostname
			Hostname: "server.default.svc",
		},
		Subsets: []echo.SubsetConfig{
			{
				Version:     "v1",

//
//	certificate for server workloads to give them different trust domains.
//
// 2. One client workload with sidecar injected.
// 3. Two naked server workloads with custom certs whose URI SAN have different SPIFFE trust domains.
// 4. PeerAuthentication with strict mtls, to enforce the mtls connection.

				fwLog.Errorf("Failed to parse client certificate: %v", err)
			}
			fwLog.Debugf("Using client certificate [%s] issued by %s", cert.SerialNumber, cert.Issuer)
			for _, uri := range cert.URIs {
				fwLog.Debugf("  URI SAN: %s", uri)
			}
		}
		// nolint: unparam
		return func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			fwLog.Debugf("Peer asking for client certificate")
			for i, ca := range info.AcceptableCAs {

lationDescr":"NO STOPPING/STANDING","Fine":93,"Latitude":99999,"Longitude":99999} {"Ticket":1106226590,"IssueData":"2015-09-15T00:00:00","IssueTime":"19","RPState":"CA","PlateExpiry":"201507","Make":"CHEV","BodyStyle":"VN","Color":"GY","Location":"SAN PEDRO S/O BOYD","Route":"1A35W","Agency":1,"ViolationCode":"4000A1","ViolationDescr":"NO EVIDENCE OF REG","Fine":50,"Latitude":99999,"Longitude":99999} {"Ticket":1106500452,"IssueData":"2015-12-17T00:00:00","IssueTime":"1710","RPState":"CA","PlateE...

		if len(c.IPAddresses) == 0 {
			return "x509: cannot validate certificate for " + h.Host + " because it doesn't contain any IP SANs"
		}
		for _, san := range c.IPAddresses {
			if len(valid) > 0 {
				valid += ", "
			}
			valid += san.String()
		}
	} else {
		valid = strings.Join(c.DNSNames, ", ")
	}

	if len(valid) == 0 {

		expectedError: "incompatible key usage",
	},

	// An invalid DNS SAN should be detected only at validation time so
	// that we can process CA certificates in the wild that have invalid SANs.
	// See https://github.com/golang/go/issues/23995

	// #77: an invalid DNS or mail SAN will not be detected if name constraint
	// checking is not triggered.
	{
		roots: make([]constraintsSpec, 1),

		return errors.New("x509: invalid subject alternative names")
	}
	for !der.Empty() {
		var san cryptobyte.String
		var tag cryptobyte_asn1.Tag
		if !der.ReadAnyASN1(&san, &tag) {
			return errors.New("x509: invalid subject alternative name")
		}
		if err := callback(int(tag^0x80), san); err != nil {
			return err
		}
	}

	return nil
}

# ISTIO_CUSTOM_IP_TABLES=false

# Location of provisioning certificates. VM provisioning tools must generate a certificate with
# the expected SAN. Istio-agent will use it to connect to istiod and get fresh certificates.
# PROV_CERT=/var/run/secrets/istio

# Location to save the certificates from the CA. Setting this to the same location with PROV_CERT