summaryrefslogtreecommitdiff
path: root/docs/LICENSE-MIXING.md
blob: 5376bdb70640db3149d054209f047325f56fc29c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
License Mixing
==============

libcurl can be built to use a fair amount of various third party libraries,
libraries that are written and provided by other parties that are distributed
using their own licenses. Even libcurl itself contains code that may cause
problems to some. This document attempts to describe what licenses libcurl and
the other libraries use and what possible dilemmas linking and mixing them all
can lead to for end users.

I am not a lawyer and this is not legal advice!

One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html)
licensed code is not allowed to be linked with code licensed under the
[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the
announcement clause). You may still build your own copies that use them all,
but distributing them as binaries would be to violate the GPL license - unless
you accompany your license with an
[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This
particular problem was addressed when the [Modified BSD
license](https://opensource.org/licenses/BSD-3-Clause) was created, which does
not have the announcement clause that collides with GPL.

## libcurl

 Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is
 very liberal.

## OpenSSL

 (May be used for SSL/TLS support) Uses an Original BSD-style license with an
 announcement clause that makes it "incompatible" with GPL. You are not
 allowed to ship binaries that link with OpenSSL that includes GPL code
 (unless that specific GPL code includes an exception for OpenSSL - a habit
 that is growing more and more common). If OpenSSL's licensing is a problem
 for you, consider using another TLS library.

## GnuTLS

 (May be used for SSL/TLS support) Uses the
 [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem
 for you, consider using another TLS library. Also note that GnuTLS itself
 depends on and uses other libs (libgcrypt and libgpg-error) and they too are
 LGPL- or GPL-licensed.

## WolfSSL

 (May be used for SSL/TLS support) Uses the GPL license or a proprietary
 license. If this is a problem for you, consider using another TLS library.

## NSS

 (May be used for SSL/TLS support) Is covered by the
 [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL
 license. You may choose to license the code under MPL terms, GPL terms, or
 LGPL terms. These licenses grant you different permissions and impose
 different obligations. You should select the license that best meets your
 needs.

## axTLS

 (May be used for SSL/TLS support) Uses a Modified BSD-style license.

## mbedTLS

 (May be used for SSL/TLS support) Uses the [Apache 2.0
 license](https://opensource.org/licenses/Apache-2.0) or the GPL license.
 You may choose to license the code under Apache 2.0 terms or GPL terms.
 These licenses grant you different permissions and impose different
 obligations. You should select the license that best meets your needs.

## BoringSSL

 (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
 license as that.

## libressl

 (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
 license as that.

## c-ares

 (Used for asynchronous name resolves) Uses an MIT license that is very
 liberal and imposes no restrictions on any other library or part you may link
 with.

## zlib

 (Used for compressed Transfer-Encoding support) Uses an MIT-style license
 that shouldn't collide with any other library.

## MIT Kerberos

 (May be used for GSS support) MIT licensed, that shouldn't collide with any
 other parts.

## Heimdal

 (May be used for GSS support) Heimdal is Original BSD licensed with the
 announcement clause.

## GNU GSS

 (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not
 distribute binary curl packages that uses this if you build curl to also link
 and use any Original BSD licensed libraries!

## libidn

 (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL
 is a variation of GPL with slightly less aggressive "copyleft". This license
 requires more requirements to be met when distributing binaries, see the
 license for details. Also note that if you distribute a binary that includes
 this library, you must also include the full LGPL license text. Please
 properly point out what parts of the distributed package that the license
 addresses.

## OpenLDAP

 (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses
 OpenLDAP as a shared library only, I have not heard of anyone that ships
 OpenLDAP linked with libcurl in an app.

## libssh2

 (Used for scp and sftp support) libssh2 uses a Modified BSD-style license.