MINOR: ssl/cli: flush the server session cache upon 'commit ssl cert'

Flush the SSL session cache when updating a certificate which is used on a
server line. This prevent connections to be established with a cached
session which was using the previous SSL_CTX.

This patch also replace the ha_barrier with a thread_isolate() since there
are more operations to do. The reg-test was also updated to remove the
'no-ssl-reuse' keyword which is now uneeded.

reg-tests/ssl/set_ssl_server_cert.vtc

@@ -34,7 +34,7 @@ haproxy h1 -conf {
     listen clear-lst
         bind "fd@${clearlst}"
         retries 0 # 2nd SSL connection must fail so skip the retry
-        server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem no-ssl-reuse
+        server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem
 
     listen ssl-lst
         # crt: certificate of the server

src/ssl_ckch.c

@@ -1399,17 +1399,26 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 				list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
 					/* The bind_conf will be null on server ckch_instances. */
 					if (ckchi->is_server_instance) {
+						int i;
+
 						/* The certificate update on the server side (backend)
 						 * can be done by rewritting a single pointer so no
 						 * locks are needed here. */
 						/* free the server current SSL_CTX */
 						SSL_CTX_free(ckchi->server->ssl_ctx.ctx);
 						/* Actual ssl context update */
+						thread_isolate();
 						SSL_CTX_up_ref(ckchi->ctx);
 						ckchi->server->ssl_ctx.ctx = ckchi->ctx;
-						__ha_barrier_store();
 						ckchi->server->ssl_ctx.inst = ckchi;
 
+						/* flush the session cache of the server */
+						for (i = 0; i < global.nbthread; i++) {
+							free(ckchi->server->ssl_ctx.reused_sess[i].ptr);
+							ckchi->server->ssl_ctx.reused_sess[i].ptr = NULL;
+						}
+						thread_release();
+
 					} else {
 						HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
 						ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);