Forget SSL error exceptions when good certs seen for regular requests.

content/browser/ssl/ssl_policy.cc

Index: content/browser/ssl/ssl_policy.cc
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 610f741dd98f65e6dd77777a0f63a98029536393..5a627fb484e068be42d45eb0a4796d712edcf3c4 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -8,6 +8,7 @@
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
+#include "base/metrics/histogram_macros.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
@@ -26,6 +27,16 @@
 
 namespace content {
 
+namespace {
+
+// Events for UMA. Do not reorder or change!
+enum SSLGoodCertSeenEvent {
+  NO_PREVIOUS_EXCEPTION = 0,
+  HAD_PREVIOUS_EXCEPTION = 1,
+  SSL_GOOD_CERT_SEEN_EVENT_MAX = 2
+};
+}
+
 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
     : backend_(backend) {
   DCHECK(backend_);
@@ -110,8 +121,20 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
   // this information back through WebKit and out some FrameLoaderClient
   // methods.
 
-  if (net::IsCertStatusError(info->ssl_cert_status()))
+  if (net::IsCertStatusError(info->ssl_cert_status())) {
     backend_->HostRanInsecureContent(info->url().host(), info->child_id());
+  } else {
+    SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION;
+    if (backend_->HasAllowException(info->url().host())) {
+      // If there's no certificate error, a good certificate has been seen, so
+      // clear out any exceptions that were made by the user for bad
+      // certificates.
+      backend_->RevokeUserAllowExceptions(info->url().host());
+      event = HAD_PREVIOUS_EXCEPTION;
+    }
+    UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.good_cert_seen", event,
+                              SSL_GOOD_CERT_SEEN_EVENT_MAX);
+  }
 }
 
 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,