From 71bfffc54d65eab7c04877c2fc4581c25e52f9c3 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sun, 13 Jul 2014 23:17:29 +0000
Subject: [PATCH] Rename the context allocation from ressl_new to ressl_client, which makes it completely obvious what the context is for. Ensure client functions are used on client contexts.
---
 lib/libressl/ressl.h | 2 +-
 lib/libressl/ressl_client.c | 23 +++++++++++++++++++++++
 lib/libressl/ressl_internal.h | 6 ++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/lib/libressl/ressl.h b/lib/libressl/ressl.h
index 766335aa0cd..e7e0a9c51b0 100644
--- a/lib/libressl/ressl.h
+++ b/lib/libressl/ressl.h
@@ -36,7 +36,7 @@ void ressl_config_set_verify_depth(struct ressl_config *config,
 void ressl_config_insecure_no_verify(struct ressl_config *config);
 void ressl_config_verify(struct ressl_config *config);
-struct ressl *ressl_new(void);
+struct ressl *ressl_client(void);
 int ressl_configure(struct ressl *ctx, struct ressl_config *config);
 void ressl_reset(struct ressl *ctx);
 void ressl_free(struct ressl *ctx);
diff --git a/lib/libressl/ressl_client.c b/lib/libressl/ressl_client.c
index 2e4f2538567..1d1ad72b862 100644
--- a/lib/libressl/ressl_client.c
+++ b/lib/libressl/ressl_client.c
@@ -28,6 +28,19 @@
 #include
 #include "ressl_internal.h"
+struct ressl *
+ressl_client(void)
+{
+ struct ressl *ctx;
+
+ if ((ctx = ressl_new()) == NULL)
+ return (NULL);
+
+ ctx->flags |= RESSL_CLIENT;
+
+ return (ctx);
+}
+
 int
 ressl_connect(struct ressl *ctx, const char *host, const char *port)
 {
@@ -36,6 +49,11 @@ ressl_connect(struct ressl *ctx, const char *host, const char *port)
 char *hs = NULL, *ps = NULL;
 int rv = -1, s = -1, ret;
+ if ((ctx->flags & RESSL_CLIENT) == 0) {
+ ressl_set_error(ctx, "not a client context");
+ goto err;
+ }
+
 if (host == NULL) {
 ressl_set_error(ctx, "host not specified");
 goto err;
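Review bot: ressl_client() ORs RESSL_CLIENT into `ctx->flags` without ever assigning the field, so the role bits are only trustworthy if ressl_new() zero-fills the context; that allocator is not part of this diff, and with an uninitialised allocation the RESSL_SERVER bit could come back set by chance. Either confirm that ressl_new() zeroes the structure or, if it sets no flags of its own, write `ctx->flags = RESSL_CLIENT;` here. It is also worth checking that ressl_reset() leaves `flags` alone, since a reset that clears it would make every later ressl_connect() fail with "not a client context". A comment above the function, `/* Allocate a context that may only be used with the client-side calls; NULL on failure. */`, would record the contract.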
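Review bot: The new guard in ressl_connect() reads `ctx->flags` as its first statement, while ressl_client() in the preceding hunk returns NULL on allocation failure, so a caller that skips that check crashes here instead of getting -1. If the API is meant to fail cleanly, add `if (ctx == NULL) return (-1);` ahead of the guard; the identical guard in ressl_connect_socket() (the @@ -108 hunk) needs the same treatment. Both guards jump to `err`, whose label lies outside the hunks; the locals visible here (`hs`, `ps`, `s`, and `cert` in the other function) are initialised before the jump, but confirm the cleanup path assumes nothing else. ressl_connect()'s body continues outside the hunk.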
@@ -108,6 +126,11 @@ ressl_connect_socket(struct ressl *ctx, int socket, const char *hostname)
 X509 *cert = NULL;
 int ret;
+ if ((ctx->flags & RESSL_CLIENT) == 0) {
+ ressl_set_error(ctx, "not a client context");
+ goto err;
+ }
+
 ctx->socket = socket;
 /* XXX - add a configuration option to control versions. */
diff --git a/lib/libressl/ressl_internal.h b/lib/libressl/ressl_internal.h
index f4eec10e63e..260ae8e1f93 100644
--- a/lib/libressl/ressl_internal.h
+++ b/lib/libressl/ressl_internal.h
@@ -33,8 +33,12 @@ struct ressl_config {
 int verify_depth;
 };
+#define RESSL_CLIENT (1 << 0)
+#define RESSL_SERVER (1 << 1)
+
 struct ressl {
 struct ressl_config *config;
+ uint64_t flags;
 int err;
 char *errmsg;
@@ -45,6 +49,8 @@ struct ressl {
 SSL_CTX *ssl_ctx;
 };
+struct ressl *ressl_new(void);
+
 int ressl_check_hostname(X509 *cert, const char *host);
 int ressl_host_port(const char *hostport, char **host, char **port);
 int ressl_set_error(struct ressl *ctx, char *fmt, ...);
--
2.20.1
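Review bot: `RESSL_CLIENT` and `RESSL_SERVER` are `int` shifts while the new `flags` member is `uint64_t`, so a later flag at bit 31 or above would overflow the shift or be sign-extended when widened; define them at the field's width, e.g. `#define RESSL_CLIENT (1ULL << 0)`. The two roles are modelled as independent bits, and the checks added in ressl_client.c only test that the client bit is set, so a context carrying both bits would pass them; a comment on the field such as `/* exactly one of RESSL_CLIENT / RESSL_SERVER */` would record the intended invariant. `uint64_t` also needs `<stdint.h>` or `<sys/types.h>`, and no include is visible in this hunk, so confirm the header pulls one in. struct ressl continues outside the hunk.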