mirror of
https://github.com/moparisthebest/curl
synced 2025-01-06 19:38:05 -05:00
7f70dbcad5
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
123 lines
5.5 KiB
Plaintext
123 lines
5.5 KiB
Plaintext
License Mixing with apps, libcurl and Third Party Libraries
|
|
===========================================================
|
|
|
|
libcurl can be built to use a fair amount of various third party libraries,
|
|
libraries that are written and provided by other parties that are distributed
|
|
using their own licenses. Even libcurl itself contains code that may cause
|
|
problems to some. This document attempts to describe what licenses libcurl and
|
|
the other libraries use and what possible dilemmas linking and mixing them all
|
|
can lead to for end users.
|
|
|
|
I am not a lawyer and this is not legal advice!
|
|
|
|
One common dilemma is that GPL[1]-licensed code is not allowed to be linked
|
|
with code licensed under the Original BSD license (with the announcement
|
|
clause). You may still build your own copies that use them all, but
|
|
distributing them as binaries would be to violate the GPL license - unless you
|
|
accompany your license with an exception[2]. This particular problem was
|
|
addressed when the Modified BSD license was created, which does not have the
|
|
annoncement clause that collides with GPL.
|
|
|
|
libcurl http://curl.haxx.se/docs/copyright.html
|
|
|
|
Uses an MIT (or Modified BSD)-style license that is as liberal as
|
|
possible. Some of the source files that deal with KRB4 have Original
|
|
BSD-style announce-clause licenses. You may not distribute binaries
|
|
with krb4-enabled libcurl that also link with GPL-licensed code!
|
|
|
|
OpenSSL http://www.openssl.org/source/license.html
|
|
|
|
(May be used for SSL/TLS support) Uses an Original BSD-style license
|
|
with an announement clause that makes it "incompatible" with GPL. You
|
|
are not allowed to ship binaries that link with OpenSSL that includes
|
|
GPL code (unless that specific GPL code includes an exception for
|
|
OpenSSL - a habit that is growing more and more common). If OpenSSL's
|
|
licensing is a problem for you, consider using GnuTLS or yassl
|
|
instead.
|
|
|
|
GnuTLS http://www.gnutls.org/
|
|
|
|
(May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
|
|
a problem for you, consider using OpenSSL instead. Also note that
|
|
GnuTLS itself depends on and uses other libs (libgcrypt and
|
|
libgpg-error) and they too are LGPL- or GPL-licensed.
|
|
|
|
yassl http://www.yassl.com/
|
|
|
|
(May be used for SSL/TLS support) Uses the GPL[1] license. If this is
|
|
a problem for you, consider using OpenSSL or GnuTLS instead.
|
|
|
|
NSS http://www.mozilla.org/projects/security/pki/nss/
|
|
|
|
(May be used for SSL/TLS support) Is covered by the MPL[4] license,
|
|
the GPL[1] license and the LGPL[3] license. You may choose to license
|
|
the code under MPL terms, GPL terms, or LGPL terms. These licenses
|
|
grant you different permissions and impose different obligations. You
|
|
should select the license that best meets your needs.
|
|
|
|
c-ares http://daniel.haxx.se/projects/c-ares/license.html
|
|
|
|
(Used for asynchronous name resolves) Uses an MIT license that is very
|
|
liberal and imposes no restrictions on any other library or part you
|
|
may link with.
|
|
|
|
zlib http://www.gzip.org/zlib/zlib_license.html
|
|
|
|
(Used for compressed Transfer-Encoding support) Uses an MIT-style
|
|
license that shouldn't collide with any other library.
|
|
|
|
krb4
|
|
|
|
While nothing in particular says that a Kerberos4 library must use any
|
|
particular license, the one I've tried and used successfully so far
|
|
(kth-krb4) is partly Original BSD-licensed with the announcement
|
|
clause. Some of the code in libcurl that is written to deal with
|
|
Kerberos4 is Modified BSD-licensed.
|
|
|
|
MIT Kerberos http://web.mit.edu/kerberos/www/dist/
|
|
|
|
(May be used for GSS support) MIT licensed, that shouldn't collide
|
|
with any other parts.
|
|
|
|
Heimdal http://www.pdc.kth.se/heimdal/
|
|
|
|
(May be used for GSS support) Heimdal is Original BSD licensed with
|
|
the announcement clause.
|
|
|
|
GNU GSS http://www.gnu.org/software/gss/
|
|
|
|
(May be used for GSS support) GNU GSS is GPL licensed. Note that you
|
|
may not distribute binary curl packages that uses this if you build
|
|
curl to also link and use any Original BSD licensed libraries!
|
|
|
|
fbopenssl
|
|
|
|
(Used for SPNEGO support) Unclear license. Based on its name, I assume
|
|
that it uses the OpenSSL license and thus shares the same issues as
|
|
described for OpenSSL above.
|
|
|
|
libidn http://www.gnu.org/licenses/lgpl.html
|
|
|
|
(Used for IDNA support) Uses the GNU Lesser General Public
|
|
License. LGPL is a variation of GPL with slightly less aggressive
|
|
"copyleft". This license requires more requirements to be met when
|
|
distributing binaries, see the license for details. Also note that if
|
|
you distribute a binary that includes this library, you must also
|
|
include the full LGPL license text. Please properly point out what
|
|
parts of the distributed package that the license addresses.
|
|
|
|
OpenLDAP http://www.openldap.org/software/release/license.html
|
|
|
|
(Used for LDAP support) Uses a Modified BSD-style license. Since
|
|
libcurl uses OpenLDAP as a shared library only, I have not heard of
|
|
anyone that ships OpenLDAP linked with libcurl in an app.
|
|
|
|
|
|
[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
|
|
[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
|
|
how to write such an exception to the GPL
|
|
[3] = LGPL - GNU Lesser General Public License:
|
|
http://www.gnu.org/licenses/lgpl.html
|
|
[4] = MPL - Mozilla Public License:
|
|
http://www.mozilla.org/MPL/
|