authorxiyuan@chromium.org <xiyuan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 17:20:18 +0000
committerxiyuan@chromium.org <xiyuan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 17:20:18 +0000
commitc940d37d3a861790ab8aece6ba5df75a65d60427 (patch)
tree03f3dea92ecf9f27e16c9450b40c3e850bd2352e /net/spdy
parent7ec9b3d8a08c1127d82b605f5159d0a4c1a3e02b (diff)
Fix a problem that cert trust change needs a chrome restart to be effective.
This seems to be caused by CertVerifier's verification result cache. - Added a new OnCertTrustChanged to CertDatabase::Observer; - For NSS cert database, SetCertTrust triggers OnCertTrustChanged; - Clear CertVerifier's result cache when OnCertDatabaseChanged is fired; BUG=chromium-os:7988 TEST=Verify #2 issue in chromium-os:7988 where cert trust change only takes effect after chrome restart. Review URL: http://codereview.chromium.org/6816035 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81433 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/spdy')
-rw-r--r--net/spdy/spdy_session_pool.cc10
-rw-r--r--net/spdy/spdy_session_pool.h3
2 files changed, 11 insertions, 2 deletions
diff --git a/net/spdy/spdy_session_pool.cc b/net/spdy/spdy_session_pool.cc
index 9d14f4e..9e49d45 100644
--- a/net/spdy/spdy_session_pool.cc
+++ b/net/spdy/spdy_session_pool.cc
@@ -249,7 +249,15 @@ scoped_refptr<SpdySession> SpdySessionPool::GetFromAlias(
return NULL;
}
-void SpdySessionPool::OnUserCertAdded(X509Certificate* cert) {
+void SpdySessionPool::OnUserCertAdded(const X509Certificate* cert) {
+ CloseCurrentSessions();
+}
+
+void SpdySessionPool::OnCertTrustChanged(const X509Certificate* cert) {
+ // Per wtc, we actually only need to CloseCurrentSessions when trust is
+ // reduced. CloseCurrentSessions now because OnCertTrustChanged does not
+ // tell us this.
+ // See comments in ClientSocketPoolManager::OnCertTrustChanged.
CloseCurrentSessions();
}
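Review bot: The comment in `OnCertTrustChanged` justifies the call by attribution ("Per wtc") rather than by the reason, and `OnUserCertAdded` just above has the same body with no comment at all. Closing unconditionally is the fail-safe choice, since the callback does not say whether trust was raised or lowered, and that is worth stating directly, for example `// Current sessions were authenticated under the old trust settings; close them so a certificate that is no longer trusted is not used through a pooled session.` A one-line comment on `OnUserCertAdded` saying why a newly added user certificate invalidates current sessions would help in the same way. Both functions take `cert` and ignore it, so a short remark that it is intentionally unused would keep a later reader from assuming per-certificate filtering happens here.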
diff --git a/net/spdy/spdy_session_pool.h b/net/spdy/spdy_session_pool.h
index 7a08861..32531d5 100644
--- a/net/spdy/spdy_session_pool.h
+++ b/net/spdy/spdy_session_pool.h
@@ -115,7 +115,8 @@ class SpdySessionPool
static void enable_ip_pooling(bool value) { g_enable_ip_pooling = value; }
// CertDatabase::Observer methods:
- virtual void OnUserCertAdded(X509Certificate* cert);
+ virtual void OnUserCertAdded(const X509Certificate* cert);
+ virtual void OnCertTrustChanged(const X509Certificate* cert);
private:
friend class SpdySessionPoolPeer; // For testing.
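Review bot: Neither declaration under `// CertDatabase::Observer methods:` is marked as an override, so whether they really override the observer interface depends on the signatures matching exactly. This commit changes the parameter to `const X509Certificate*`; if the base declaration differs in constness, these silently become new virtual functions and the session-closing callbacks are never invoked, which would leave sessions established under the old trust settings in use. Declaring them as `virtual void OnCertTrustChanged(const X509Certificate* cert) override;` (or with the project's override macro, if it has one) turns such a mismatch into a compile error. The class body continues outside the hunk and the base interface is not visible here.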