Forget SSL error exceptions when good certs seen for regular requests.

content/browser/ssl/ssl_policy.cc

Index: content/browser/ssl/ssl_policy.cc
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 610f741dd98f65e6dd77777a0f63a98029536393..e2863a7bb4d253f1857416c3b1fb1d1b9e551ec4 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -110,8 +110,13 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
   // this information back through WebKit and out some FrameLoaderClient
   // methods.
 
-  if (net::IsCertStatusError(info->ssl_cert_status()))
+  if (net::IsCertStatusError(info->ssl_cert_status())) {
     backend_->HostRanInsecureContent(info->url().host(), info->child_id());
+  } else {
+    // If there's no certificate error, a good certificate has been seen, so
+    // clear out any exceptions that were made by the user for bad certificates.
+    backend_->RevokeUserAllowExceptions(info->url().host());

[felt, 2015/04/09 21:05:07]

Can you record how often this happens w/ UMA?

[jww, 2015/04/16 23:59:07]

Hm, this is going to happen every time a good cert is seen, so I'm not sure
that's interesting. What seems interesting to me is when we see revoke a set of
exceptions, and there already *is* a set of exceptions made. I'll add in the
logic for that, so let me know if you disagree.

+  }
 }
 
 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,