One common dilemma is that GPL[1]-licensed code is not allowed to be linked
with code licensed under the Original BSD license (with the announcement
-clause, unless there's a specified exception in the GPL-licensed module). You
-may still build your own copies that use them all, but distributing them as
-binaries would be to violate the GPL license - unless you accompany your
-license with an exception[2]. This particular problem was addressed when the
-Modified BSD license was created, which does not have the annoncement clause
-that collides with GPL.
+clause). You may still build your own copies that use them all, but
+distributing them as binaries would be to violate the GPL license - unless you
+accompany your license with an exception[2]. This particular problem was
+addressed when the Modified BSD license was created, which does not have the
+announcement clause that collides with GPL.
libcurl http://curl.haxx.se/docs/copyright.html
Uses an MIT (or Modified BSD)-style license that is as liberal as
- possible. Some of the source files that deal with KRB4 have Original
- BSD-style announce-clause licenses. You may not distribute binaries
- with krb4-enabled libcurl that also link with GPL-licensed code!
+ possible.
OpenSSL http://www.openssl.org/source/license.html
- Uses an Original BSD-style license with an announement clause that
- makes it "incompatible" with GPL. You are not allowed to ship binaries
- that link with OpenSSL that includes GPL code (unless that specific
- GPL code includes an exception for OpenSSL - a habit that is growing
- more and more common).
+ (May be used for SSL/TLS support) Uses an Original BSD-style license
+ with an announcement clause that makes it "incompatible" with GPL. You
+ are not allowed to ship binaries that link with OpenSSL that includes
+ GPL code (unless that specific GPL code includes an exception for
+ OpenSSL - a habit that is growing more and more common). If OpenSSL's
+ licensing is a problem for you, consider using GnuTLS or yassl
+ instead.
+
+GnuTLS http://www.gnutls.org/
+
+ (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
+ a problem for you, consider using OpenSSL instead. Also note that
+ GnuTLS itself depends on and uses other libs (libgcrypt and
+ libgpg-error) and they too are LGPL- or GPL-licensed.
+
+yassl http://www.yassl.com/
+
+ (May be used for SSL/TLS support) Uses the GPL[1] license. If this is
+ a problem for you, consider using OpenSSL or GnuTLS instead.
+
+NSS http://www.mozilla.org/projects/security/pki/nss/
+
+ (May be used for SSL/TLS support) Is covered by the MPL[4] license,
+ the GPL[1] license and the LGPL[3] license. You may choose to license
+ the code under MPL terms, GPL terms, or LGPL terms. These licenses
+ grant you different permissions and impose different obligations. You
+ should select the license that best meets your needs.
+
+axTLS http://axtls.sourceforge.net/
+
+ (May be used for SSL/TLS support) Uses a Modified BSD-style license.
c-ares http://daniel.haxx.se/projects/c-ares/license.html
- Uses an MIT license that is very liberal and imposes no restrictions
- on any other library or part you may link with.
+ (Used for asynchronous name resolves) Uses an MIT license that is very
+ liberal and imposes no restrictions on any other library or part you
+ may link with.
zlib http://www.gzip.org/zlib/zlib_license.html
- Uses an MIT-style license that shouldn't collide with any other
- library.
+ (Used for compressed Transfer-Encoding support) Uses an MIT-style
+ license that shouldn't collide with any other library.
-krb4
+MIT Kerberos http://web.mit.edu/kerberos/www/dist/
- While nothing in particular says that a Kerberos4 library must use any
- particular license, the one I've tried and used successfully so far
- (kth-krb4) is Original BSD-licensed with the announcement clause. Some
- of the code in libcurl that is written to deal with Kerberos4 likewise
- have such a license.
+ (May be used for GSS support) MIT licensed, that shouldn't collide
+ with any other parts.
-GSSAPI
+Heimdal http://www.pdc.kth.se/heimdal/
- While nothing in particular says that a GSS/Kerberos5 library must use
- any particular license, the one I've used (Heimdal) is Original BSD-
- licensed with the announcement clause.
+ (May be used for GSS support) Heimdal is Original BSD licensed with
+ the announcement clause.
-fbopenssl
+GNU GSS http://www.gnu.org/software/gss/
- Unclear license. Based on its name, I assume that it uses the OpenSSL
- license and thus shares the same issues as described for OpenSSL
- above.
+ (May be used for GSS support) GNU GSS is GPL licensed. Note that you
+ may not distribute binary curl packages that uses this if you build
+ curl to also link and use any Original BSD licensed libraries!
-libidn http://www.gnu.org/licenses/lgpl.html
+libidn http://josefsson.org/libidn/
- Uses the GNU Lesser General Public License. LGPL is a variation of GPL
- with slightly less aggressive "copyleft". This license requires more
- requirements to be met when distributing binaries, see the license for
- details. Also note that if you distribute a binary that includes this
- library, you must also include the full LGPL license text. Please
- properly point out what parts of the distributed package that the
- license addresses.
+ (Used for IDNA support) Uses the GNU Lesser General Public
+ License [3]. LGPL is a variation of GPL with slightly less aggressive
+ "copyleft". This license requires more requirements to be met when
+ distributing binaries, see the license for details. Also note that if
+ you distribute a binary that includes this library, you must also
+ include the full LGPL license text. Please properly point out what
+ parts of the distributed package that the license addresses.
OpenLDAP http://www.openldap.org/software/release/license.html
- Uses a Modified BSD-style license. Since libcurl uses OpenLDAP as a
- shared library only, I have not heard of anyone that ships OpenLDAP
- linked with libcurl in an app.
+ (Used for LDAP support) Uses a Modified BSD-style license. Since
+ libcurl uses OpenLDAP as a shared library only, I have not heard of
+ anyone that ships OpenLDAP linked with libcurl in an app.
+
+libssh2 http://www.libssh2.org/
+ (Used for scp and sftp support) libssh2 uses a Modified BSD-style
+ license.
[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
how to write such an exception to the GPL
+[3] = LGPL - GNU Lesser General Public License:
+ http://www.gnu.org/licenses/lgpl.html
+[4] = MPL - Mozilla Public License:
+ http://www.mozilla.org/MPL/