openssl libssl

Why does OpenSSL provide two similar/duplicated sets of APIs: SSL_* and SSL_CTX_*?


I've searched on Google and Bing, the OpenSSL FAQ, and some API man pages, but found no hints.

Is this a historical problem, or a deliberate design?


Solution

  • Think of SSL_CTX as a factory for making SSL objects. SSL connections are only handled by SSL objects. However, they can have many settings. Rather than duplicate this every time you want a new SSL object, you create an SSL_CTX with all the settings in it up front, and then you can create as many SSL objects as you like with those settings already there. You can of course still choose to set things up at an individual SSL object level if you so wish.