Clear the SSL Client Auth cache when a new SSL Client Certificate is...

content/browser/renderer_host/x509_user_cert_resource_handler.cc

Index: content/browser/renderer_host/x509_user_cert_resource_handler.cc
===================================================================
--- content/browser/renderer_host/x509_user_cert_resource_handler.cc	(revision 75583)
+++ content/browser/renderer_host/x509_user_cert_resource_handler.cc	(working copy)
@@ -15,8 +15,11 @@
 #include "net/base/mime_sniffer.h"
 #include "net/base/mime_util.h"
 #include "net/base/x509_certificate.h"
+#include "net/http/http_network_session.h"
 #include "net/http/http_response_headers.h"
+#include "net/http/http_transaction_factory.h"
 #include "net/url_request/url_request.h"
+#include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_status.h"
 
 X509UserCertResourceHandler::X509UserCertResourceHandler(
@@ -107,6 +110,13 @@
   // The handler will run the UI and delete itself when it's finished.
   new SSLAddCertHandler(request_, cert, render_process_host_id_,
                         render_view_id_);
+  // Force all new SSL connects to renegotiate, and hence use this new
+  // certificate if necessary.
+  if (request_->context()->http_transaction_factory()) {
+    net::HttpNetworkSession* session =
+        request_->context()->http_transaction_factory()->GetSession();
+    session->ResetSSLState();

[wtc, 2011/02/23 00:38:38]

I think it's better to call session->ResetSSLState() (or
notify the CertDatabase observers as I suggest below) from
CertDatabase::AddUserCert().

The new SSLAddCertHandler call on line 111 above merely
starts the process to add the new cert, but it may fail.

+  }
   return true;
 }