In the top answer to
it is recommended:
Generally, use HTTPS for anything that needs to be secure (you should do this anyway, also over ethernet, but especially over Wi-Fi now), use a VPN as an extra layer, etc.
I'm trying to grasp how HTTPS could be secure over a broken transport layer. Isn't a man-in-the-middle attack possible? Are there other concerns I'm not thinking about?
Is HTTPS actually reliable protection when used over open or broken WiFi?
Edit: I'm aware of the math details of asymmetric cryptography. I'm asking about MITM. I guess what I was missing is the security aspect of the HTTPS certificates being signed. In that case, if I'm understanding right, trusting self-signed certificates and using WPA2 would allow a man-in-the-middle attack? But if you have a valid list of certificate authorities (a valid way to check the signatures on certs) and you don't trust self-signed certs... then you would be safe?
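The trust decision raised in the edit can be reproduced offline with Go's standard `crypto/x509` package. This is an added example, not part of the original question; the host names `ca.example` and `shop.example` and the helpers `mint` and `accepted` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint issues a throwaway certificate for host; a nil parent makes it self-signed.
func mint(host string, isCA bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil { // self-signed: the certificate vouches for itself
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // der was produced by CreateCertificate just above
	return cert, key
}

// accepted reports whether a client whose trust store is roots accepts cert for host.
func accepted(cert *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

func main() {
	ca, caKey := mint("ca.example", true, nil, nil)   // constructed test CA
	site, _ := mint("shop.example", false, ca, caKey) // genuine certificate, signed by the CA
	fake, _ := mint("shop.example", false, nil, nil)  // interceptor's self-signed certificate
	fmt.Println(accepted(site, "shop.example", ca), accepted(fake, "shop.example", ca),
		accepted(fake, "shop.example", ca, fake)) // last case: the client also trusts the self-signed cert
}
```

With only the CA in the trust store, the self-signed certificate for the same host name is rejected; it is accepted only once the client has added it to its own trust store.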
