1 License Mixing with apps, libcurl and Third Party Libraries
2 ===========================================================
4 libcurl can be built to use a fair amount of various third party libraries,
5 libraries that are written and provided by other parties that are distributed
6 using their own licenses. Even libcurl itself contains code that may cause
7 problems to some. This document attempts to describe what licenses libcurl and
8 the other libraries use and what possible dilemmas linking and mixing them all
9 can lead to for end users.
11 I am not a lawyer and this is not legal advice!
13 One common dilemma is that GPL[1]-licensed code is not allowed to be linked
14 with code licensed under the Original BSD license (with the announcement
15 clause). You may still build your own copies that use them all, but
16 distributing them as binaries would be to violate the GPL license - unless you
17 accompany your license with an exception[2]. This particular problem was
18 addressed when the Modified BSD license was created, which does not have the
19 announcement clause that collides with GPL.
21 libcurl http://curl.haxx.se/docs/copyright.html
23 Uses an MIT (or Modified BSD)-style license that is as liberal as
24 possible. Some of the source files that deal with KRB4 have Original
25 BSD-style announce-clause licenses. You may not distribute binaries
26 with krb4-enabled libcurl that also link with GPL-licensed code!
28 OpenSSL http://www.openssl.org/source/license.html
30 (May be used for SSL/TLS support) Uses an Original BSD-style license
31 with an announcement clause that makes it "incompatible" with GPL. You
32 are not allowed to ship binaries that link with OpenSSL that includes
33 GPL code (unless that specific GPL code includes an exception for
34 OpenSSL - a habit that is growing more and more common). If OpenSSL's
35 licensing is a problem for you, consider using GnuTLS or yassl
38 GnuTLS http://www.gnutls.org/
40 (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
41 a problem for you, consider using OpenSSL instead. Also note that
42 GnuTLS itself depends on and uses other libs (libgcrypt and
43 libgpg-error) and they too are LGPL- or GPL-licensed.
45 yassl http://www.yassl.com/
47 (May be used for SSL/TLS support) Uses the GPL[1] license. If this is
48 a problem for you, consider using OpenSSL or GnuTLS instead.
50 NSS http://www.mozilla.org/projects/security/pki/nss/
52 (May be used for SSL/TLS support) Is covered by the MPL[4] license,
53 the GPL[1] license and the LGPL[3] license. You may choose to license
54 the code under MPL terms, GPL terms, or LGPL terms. These licenses
55 grant you different permissions and impose different obligations. You
56 should select the license that best meets your needs.
58 axTLS http://axtls.sourceforge.net/
60 (May be used for SSL/TLS support) Uses a Modified BSD-style license.
62 c-ares http://daniel.haxx.se/projects/c-ares/license.html
64 (Used for asynchronous name resolves) Uses an MIT license that is very
65 liberal and imposes no restrictions on any other library or part you
68 zlib http://www.gzip.org/zlib/zlib_license.html
70 (Used for compressed Transfer-Encoding support) Uses an MIT-style
71 license that shouldn't collide with any other library.
75 While nothing in particular says that a Kerberos4 library must use any
76 particular license, the one I've tried and used successfully so far
77 (kth-krb4) is partly Original BSD-licensed with the announcement
78 clause. Some of the code in libcurl that is written to deal with
79 Kerberos4 is Modified BSD-licensed.
81 MIT Kerberos http://web.mit.edu/kerberos/www/dist/
83 (May be used for GSS support) MIT licensed, that shouldn't collide
86 Heimdal http://www.pdc.kth.se/heimdal/
88 (May be used for GSS support) Heimdal is Original BSD licensed with
89 the announcement clause.
91 GNU GSS http://www.gnu.org/software/gss/
93 (May be used for GSS support) GNU GSS is GPL licensed. Note that you
94 may not distribute binary curl packages that uses this if you build
95 curl to also link and use any Original BSD licensed libraries!
99 (Used for SPNEGO support) Unclear license. Based on its name, I assume
100 that it uses the OpenSSL license and thus shares the same issues as
101 described for OpenSSL above.
103 libidn http://josefsson.org/libidn/
105 (Used for IDNA support) Uses the GNU Lesser General Public
106 License [3]. LGPL is a variation of GPL with slightly less aggressive
107 "copyleft". This license requires more requirements to be met when
108 distributing binaries, see the license for details. Also note that if
109 you distribute a binary that includes this library, you must also
110 include the full LGPL license text. Please properly point out what
111 parts of the distributed package that the license addresses.
113 OpenLDAP http://www.openldap.org/software/release/license.html
115 (Used for LDAP support) Uses a Modified BSD-style license. Since
116 libcurl uses OpenLDAP as a shared library only, I have not heard of
117 anyone that ships OpenLDAP linked with libcurl in an app.
119 libssh2 http://www.libssh2.org/
121 (Used for scp and sftp support) libssh2 uses a Modified BSD-style
124 [1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
125 [2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
126 how to write such an exception to the GPL
127 [3] = LGPL - GNU Lesser General Public License:
128 http://www.gnu.org/licenses/lgpl.html
129 [4] = MPL - Mozilla Public License:
130 http://www.mozilla.org/MPL/