1 License Mixing with apps, libcurl and Third Party Libraries 2 =========================================================== 3 4libcurl can be built to use a fair amount of various third party libraries, 5libraries that are written and provided by other parties that are distributed 6using their own licenses. Even libcurl itself contains code that may cause 7problems to some. This document attempts to describe what licenses libcurl and 8the other libraries use and what possible dilemmas linking and mixing them all 9can lead to for end users. 10 11I am not a lawyer and this is not legal advice! 12 13One common dilemma is that GPL[1]-licensed code is not allowed to be linked 14with code licensed under the Original BSD license (with the announcement 15clause). You may still build your own copies that use them all, but 16distributing them as binaries would be to violate the GPL license - unless you 17accompany your license with an exception[2]. This particular problem was 18addressed when the Modified BSD license was created, which does not have the 19announcement clause that collides with GPL. 20 21libcurl http://curl.haxx.se/docs/copyright.html 22 23 Uses an MIT (or Modified BSD)-style license that is as liberal as 24 possible. Some of the source files that deal with KRB4 have Original 25 BSD-style announce-clause licenses. You may not distribute binaries 26 with krb4-enabled libcurl that also link with GPL-licensed code! 27 28OpenSSL http://www.openssl.org/source/license.html 29 30 (May be used for SSL/TLS support) Uses an Original BSD-style license 31 with an announcement clause that makes it "incompatible" with GPL. You 32 are not allowed to ship binaries that link with OpenSSL that includes 33 GPL code (unless that specific GPL code includes an exception for 34 OpenSSL - a habit that is growing more and more common). If OpenSSL's 35 licensing is a problem for you, consider using GnuTLS or yassl 36 instead. 37 38GnuTLS http://www.gnutls.org/ 39 40 (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is 41 a problem for you, consider using OpenSSL instead. Also note that 42 GnuTLS itself depends on and uses other libs (libgcrypt and 43 libgpg-error) and they too are LGPL- or GPL-licensed. 44 45yassl http://www.yassl.com/ 46 47 (May be used for SSL/TLS support) Uses the GPL[1] license. If this is 48 a problem for you, consider using OpenSSL or GnuTLS instead. 49 50NSS http://www.mozilla.org/projects/security/pki/nss/ 51 52 (May be used for SSL/TLS support) Is covered by the MPL[4] license, 53 the GPL[1] license and the LGPL[3] license. You may choose to license 54 the code under MPL terms, GPL terms, or LGPL terms. These licenses 55 grant you different permissions and impose different obligations. You 56 should select the license that best meets your needs. 57 58axTLS http://axtls.sourceforge.net/ 59 60 (May be used for SSL/TLS support) Uses a Modified BSD-style license. 61 62c-ares http://daniel.haxx.se/projects/c-ares/license.html 63 64 (Used for asynchronous name resolves) Uses an MIT license that is very 65 liberal and imposes no restrictions on any other library or part you 66 may link with. 67 68zlib http://www.gzip.org/zlib/zlib_license.html 69 70 (Used for compressed Transfer-Encoding support) Uses an MIT-style 71 license that shouldn't collide with any other library. 72 73krb4 74 75 While nothing in particular says that a Kerberos4 library must use any 76 particular license, the one I've tried and used successfully so far 77 (kth-krb4) is partly Original BSD-licensed with the announcement 78 clause. Some of the code in libcurl that is written to deal with 79 Kerberos4 is Modified BSD-licensed. 80 81MIT Kerberos http://web.mit.edu/kerberos/www/dist/ 82 83 (May be used for GSS support) MIT licensed, that shouldn't collide 84 with any other parts. 85 86Heimdal http://www.pdc.kth.se/heimdal/ 87 88 (May be used for GSS support) Heimdal is Original BSD licensed with 89 the announcement clause. 90 91GNU GSS http://www.gnu.org/software/gss/ 92 93 (May be used for GSS support) GNU GSS is GPL licensed. Note that you 94 may not distribute binary curl packages that uses this if you build 95 curl to also link and use any Original BSD licensed libraries! 96 97fbopenssl 98 99 (Used for SPNEGO support) Unclear license. Based on its name, I assume 100 that it uses the OpenSSL license and thus shares the same issues as 101 described for OpenSSL above. 102 103libidn http://josefsson.org/libidn/ 104 105 (Used for IDNA support) Uses the GNU Lesser General Public 106 License [3]. LGPL is a variation of GPL with slightly less aggressive 107 "copyleft". This license requires more requirements to be met when 108 distributing binaries, see the license for details. Also note that if 109 you distribute a binary that includes this library, you must also 110 include the full LGPL license text. Please properly point out what 111 parts of the distributed package that the license addresses. 112 113OpenLDAP http://www.openldap.org/software/release/license.html 114 115 (Used for LDAP support) Uses a Modified BSD-style license. Since 116 libcurl uses OpenLDAP as a shared library only, I have not heard of 117 anyone that ships OpenLDAP linked with libcurl in an app. 118 119libssh2 http://www.libssh2.org/ 120 121 (Used for scp and sftp support) libssh2 uses a Modified BSD-style 122 license. 123 124[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html 125[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on 126 how to write such an exception to the GPL 127[3] = LGPL - GNU Lesser General Public License: 128 http://www.gnu.org/licenses/lgpl.html 129[4] = MPL - Mozilla Public License: 130 http://www.mozilla.org/MPL/ 131