Thanks for your reply. We no longer save the callback, as we can't see a way to check wether a callback is valid or not.
Because of the root cause of the original problem being a chromium bug, we marking this thread as solved as we have implemented a workaround.
We have implemented an application-internal certificate-store with the following responsibilities
1. track informations about user-accepted self-signed certificates
2. interface to the NSS-DB to query certificate informations
This certificate-store is used in
- RequestHandler::OnBeforeBrowse
We encode the information that the user wants to ignore an invalid certificate in the URL. If this URL gets called, the corresponding certificate is inserted into the store. The target URL is extracted from the URL-parameters and loaded with LoadURL. - RequestHandler::OnCertificateError
The store is checked for the invalid certificate and if its contained (either as user-accepted certificate or as trusted certificate in the NSS-DB) the callback will continue. If the certificate is not contained, we load the error information page (see first post). The callback is cancelled. - LoadHandler::OnLoadError
If the error code is ERR_INSECURE_RESPONSE, the store is checked for the invalid certificate and if its contained, the browser gets reloaded. Otherwise we load the error information page.