3 files changed, 37 insertions, 5 deletions

diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 2eb90e5..e8e6f2f 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -6,6 +6,7 @@
 
 #include "base/lazy_instance.h"
 #include "build/build_config.h"
+#include "net/base/cert_database.h"
 #include "net/socket/client_socket_handle.h"
 #if defined(OS_WIN)
 #include "net/socket/ssl_client_socket_nss.h"
@@ -23,12 +24,27 @@
 
 namespace net {
 
+class X509Certificate;
+
 namespace {
 
 bool g_use_system_ssl = false;
 
-class DefaultClientSocketFactory : public ClientSocketFactory {
+class DefaultClientSocketFactory : public ClientSocketFactory,
+                                   public CertDatabase::Observer {
  public:
+  DefaultClientSocketFactory() {
+    CertDatabase::AddObserver(this);
+  }
+
+  virtual ~DefaultClientSocketFactory() {
+    CertDatabase::RemoveObserver(this);
+  }
+
+  virtual void OnUserCertAdded(X509Certificate* cert) {
+    ClearSSLSessionCache();
+  }
+
   virtual ClientSocket* CreateTCPClientSocket(
       const AddressList& addresses,
       NetLog* net_log,
diff --git a/net/socket/client_socket_pool_manager.cc b/net/socket/client_socket_pool_manager.cc
index 999b4e6..3d12256 100644
--- a/net/socket/client_socket_pool_manager.cc
+++ b/net/socket/client_socket_pool_manager.cc
@@ -8,12 +8,15 @@
 
 #include "net/socket/client_socket_pool_manager.h"
 
+#include <string>
+
 #include "base/logging.h"
 #include "base/values.h"
 #include "net/base/ssl_config_service.h"
 #include "net/http/http_proxy_client_socket_pool.h"
-#include "net/socket/client_socket_pool_histograms.h"
 #include "net/proxy/proxy_service.h"
+#include "net/socket/client_socket_factory.h"
+#include "net/socket/client_socket_pool_histograms.h"
 #include "net/socket/socks_client_socket_pool.h"
 #include "net/socket/ssl_client_socket_pool.h"
 #include "net/socket/tcp_client_socket_pool.h"
@@ -98,9 +101,13 @@ ClientSocketPoolManager::ClientSocketPoolManager(
       tcp_for_https_proxy_pool_histograms_("TCPforHTTPSProxy"),
       ssl_for_https_proxy_pool_histograms_("SSLforHTTPSProxy"),
       http_proxy_pool_histograms_("HTTPProxy"),
-      ssl_socket_pool_for_proxies_histograms_("SSLForProxies") {}
+      ssl_socket_pool_for_proxies_histograms_("SSLForProxies") {
+  CertDatabase::AddObserver(this);
+}
 
-ClientSocketPoolManager::~ClientSocketPoolManager() {}
+ClientSocketPoolManager::~ClientSocketPoolManager() {
+  CertDatabase::RemoveObserver(this);
+}
 
 void ClientSocketPoolManager::FlushSocketPools() {
   // Flush the highest level pools first, since higher level pools may release
@@ -392,4 +399,8 @@ Value* ClientSocketPoolManager::SocketPoolInfoToValue() const {
   return list;
 }
 
+void ClientSocketPoolManager::OnUserCertAdded(X509Certificate* cert) {
+  FlushSocketPools();
+}
+
 }  // namespace net
diff --git a/net/socket/client_socket_pool_manager.h b/net/socket/client_socket_pool_manager.h
index 7d610a9..45a0c23 100644
--- a/net/socket/client_socket_pool_manager.h
+++ b/net/socket/client_socket_pool_manager.h
@@ -17,6 +17,7 @@
 #include "base/stl_util-inl.h"
 #include "base/template_util.h"
 #include "base/threading/non_thread_safe.h"
+#include "net/base/cert_database.h"
 #include "net/socket/client_socket_pool_histograms.h"
 
 class Value;
@@ -57,7 +58,8 @@ class OwnedPoolMap : public std::map<Key, Value> {
 
 }  // namespace internal
 
-class ClientSocketPoolManager : public base::NonThreadSafe {
+class ClientSocketPoolManager : public base::NonThreadSafe,
+                                public CertDatabase::Observer {
  public:
   ClientSocketPoolManager(NetLog* net_log,
                           ClientSocketFactory* socket_factory,
@@ -94,6 +96,9 @@ class ClientSocketPoolManager : public base::NonThreadSafe {
   // responsible for deleting the returned value.
   Value* SocketPoolInfoToValue() const;
 
+  // CertDatabase::Observer methods:
+  virtual void OnUserCertAdded(X509Certificate* cert);
+
  private:
   friend class HttpNetworkSessionPeer;