Destroy SSLErrorHandler on new navigations so that it can properly be recreated.

chrome/browser/ssl/ssl_error_handler.cc

Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index c41a7acbaba8984f72d2c70b1e1ea86cfa10395b..edada5b2b2a54826228e333a1e52f13ca1d02d00 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -126,7 +126,8 @@ SSLErrorHandler::SSLErrorHandler(content::WebContents* web_contents,
                                  const GURL& request_url,
                                  int options_mask,
                                  const base::Callback<void(bool)>& callback)
-    : web_contents_(web_contents),
+    : content::WebContentsObserver(web_contents),
+      web_contents_(web_contents),
       cert_error_(cert_error),
       ssl_info_(ssl_info),
       request_url_(request_url),
@@ -223,3 +224,18 @@ void SSLErrorHandler::Observe(
   }
 #endif
 }
+
+// Destroy the error handler on all new navigations. This ensures that the
+// handler is properly recreated when a hanging page is navigated to an SSL
+// error, even when the tab's WebContents doesn't change.
+void SSLErrorHandler::DidStartNavigationToPendingEntry(
+    const GURL& url,
+    content::NavigationController::ReloadType reload_type) {
+  // Need to explicity deny the certificate via the callback, otherwise memory
+  // is leaked.
+  if (!callback_.is_null()) {
+    callback_.Run(false);
+    callback_.Reset();

[mmenke, 2015/03/20 13:33:50]

base::ResetAndReturn(callback_).Run(false)?  That allows the callback to set a
new callback.  Not currently needed, but seems best to be safe.

[meacer, 2015/03/20 17:46:01]

Done.

+  }
+  web_contents_->RemoveUserData(UserDataKey());
+}