- How does a client decide whether it should trust a server's certificate?
There are various ways a client can trust a server's certificate. The chain-of-trust model is the most common. In this model, the client explicitly trusts an authority. The client then implicitly trusts any certificates it encounters that are signed by this trusted authority.
- What is the main issue with self-signed certificates?
Self-signed certificates aren't signed by a trusted certificate authority. Web browsers won't know to trust self-signed certificates unless the user adds a special exception.
- What can cause
SSL_accept() fails if the client doesn't trust the server's certificate or if the client and server can't agree on a mutually supported protocol version and cipher suite.
select()be used to multiplex connections for HTTPS servers?
Yes, but be aware that
select() works on the underlying TCP connection layer, not on the TLS layer. Therefore, when
select() indicates that a socket has data waiting, it does not necessarily mean that there is new TLS data ready.