If the Ring request map key :scheme has value of :https, is it guaranteed that a HTTPS connection has been established and there were no certificate errors?
This is probably a question that relates to whatever servlet container you're using rather than ring.
ring-servlet populates the :scheme key by getting a value from the HttpServletRequest:
:scheme (keyword (.getScheme request))
The servlet specification has only this to say about getScheme:
Returns the name of the scheme used to make this request, for example, http, https, or ftp. Different schemes have different rules for constructing URLs, as noted in RFC 1738.
Interestingly, ring-servlet does not call the isSecure method on the servlet request. So I think your question should probably be:
"When using <insert your container name here> is it possible for getScheme() on a ServletRequest to return "https" when isSecure() returns false?"