Clear the SSL Client Auth cache when a new SSL Client Certificate is...

net/http/http_network_session.cc

Index: net/http/http_network_session.cc
===================================================================
--- net/http/http_network_session.cc	(revision 75583)
+++ net/http/http_network_session.cc	(working copy)
@@ -14,6 +14,7 @@
 #include "net/http/http_response_body_drainer.h"
 #include "net/http/url_security_manager.h"
 #include "net/socket/client_socket_factory.h"
+#include "net/socket/ssl_client_socket.h"
 #include "net/spdy/spdy_session_pool.h"
 
 namespace net {
@@ -62,4 +63,15 @@
   return spdy_session_pool_.SpdySessionPoolInfoToValue();
 }
 
+void HttpNetworkSession::ResetSSLState() {
+  // Erase any mapping from host:port to client certificate.
+  ssl_client_auth_cache()->Clear();
+  // Clear any cached ssl sessions so that we do not resume with the old
+  // certificate.
+  SSLClientSocket::ClearSSLSessionCache();
+  // Close all connections to force a reconnection.
+  FlushSocketPools();
+  spdy_session_pool()->CloseAllSessions();

[wtc, 2011/02/23 00:38:38]

Should we imitate NetworkChangeNotifier and add a
CertDatabase::Observer interface, and make these four classes
observers of CertDatabase changes?  This is more in keeping
with the C++ coding style in the Chromium source tree.  See
how the SpdySessionPool class implements the
NetworkChangeNotifier::Observer and
SSLConfigService::Observer interfaces.

Note: SpdySessionPool calls CloseCurrentSessions() in
those two observer methods.  So perhaps it's enough to
call CloseCurrentSessions() here, too.

+}
+
 }  //  namespace net