1         License Mixing with apps, libcurl and Third Party Libraries
2         ===========================================================
3
4libcurl can be built to use a fair amount of various third party libraries,
5libraries that are written and provided by other parties that are distributed
6using their own licenses. Even libcurl itself contains code that may cause
7problems to some. This document attempts to describe what licenses libcurl and
8the other libraries use and what possible dilemmas linking and mixing them all
9can lead to for end users.
10
11I am not a lawyer and this is not legal advice!
12
13One common dilemma is that GPL[1]-licensed code is not allowed to be linked
14with code licensed under the Original BSD license (with the announcement
15clause). You may still build your own copies that use them all, but
16distributing them as binaries would be to violate the GPL license - unless you
17accompany your license with an exception[2]. This particular problem was
18addressed when the Modified BSD license was created, which does not have the
19announcement clause that collides with GPL.
20
21libcurl http://curl.haxx.se/docs/copyright.html
22
23        Uses an MIT (or Modified BSD)-style license that is as liberal as
24        possible.
25
26OpenSSL https://www.openssl.org/source/license.html
27
28        (May be used for SSL/TLS support) Uses an Original BSD-style license
29        with an announcement clause that makes it "incompatible" with GPL. You
30        are not allowed to ship binaries that link with OpenSSL that includes
31        GPL code (unless that specific GPL code includes an exception for
32        OpenSSL - a habit that is growing more and more common). If OpenSSL's
33        licensing is a problem for you, consider using another TLS library.
34
35GnuTLS  http://www.gnutls.org/
36
37        (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
38        a problem for you, consider using another TLS library. Also note that
39        GnuTLS itself depends on and uses other libs (libgcrypt and
40        libgpg-error) and they too are LGPL- or GPL-licensed.
41
42WolfSSL   https://www.wolfssl.com/
43
44        (May be used for SSL/TLS support) Uses the GPL[1] license or a
45        propietary license. If this is a problem for you, consider using
46        another TLS library.
47
48NSS     https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
49
50        (May be used for SSL/TLS support) Is covered by the MPL[4] license,
51        the GPL[1] license and the LGPL[3] license. You may choose to license
52        the code under MPL terms, GPL terms, or LGPL terms. These licenses
53        grant you different permissions and impose different obligations. You
54        should select the license that best meets your needs.
55
56axTLS   http://axtls.sourceforge.net/
57
58        (May be used for SSL/TLS support) Uses a Modified BSD-style license.
59
60mbedTLS https://tls.mbed.org/
61
62        (May be used for SSL/TLS support) Uses the GPL[1] license or a
63        propietary license. If this is a problem for you, consider using
64        another TLS library.
65
66BoringSSL https://boringssl.googlesource.com/
67
68        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
69        license as that.
70
71libressl http://www.libressl.org/
72
73        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
74        license as that.
75
76c-ares  http://daniel.haxx.se/projects/c-ares/license.html
77
78        (Used for asynchronous name resolves) Uses an MIT license that is very
79        liberal and imposes no restrictions on any other library or part you
80        may link with.
81
82zlib    http://www.zlib.net/zlib_license.html
83
84        (Used for compressed Transfer-Encoding support) Uses an MIT-style
85        license that shouldn't collide with any other library.
86
87MIT Kerberos http://web.mit.edu/kerberos/www/dist/
88
89        (May be used for GSS support) MIT licensed, that shouldn't collide
90        with any other parts.
91
92Heimdal http://www.h5l.org
93
94        (May be used for GSS support) Heimdal is Original BSD licensed with
95        the announcement clause.
96
97GNU GSS https://www.gnu.org/software/gss/
98
99        (May be used for GSS support) GNU GSS is GPL licensed. Note that you
100        may not distribute binary curl packages that uses this if you build
101        curl to also link and use any Original BSD licensed libraries!
102
103libidn  http://josefsson.org/libidn/
104
105        (Used for IDNA support) Uses the GNU Lesser General Public
106        License [3]. LGPL is a variation of GPL with slightly less aggressive
107        "copyleft". This license requires more requirements to be met when
108        distributing binaries, see the license for details. Also note that if
109        you distribute a binary that includes this library, you must also
110        include the full LGPL license text. Please properly point out what
111        parts of the distributed package that the license addresses.
112
113OpenLDAP http://www.openldap.org/software/release/license.html
114
115        (Used for LDAP support) Uses a Modified BSD-style license. Since
116        libcurl uses OpenLDAP as a shared library only, I have not heard of
117        anyone that ships OpenLDAP linked with libcurl in an app.
118
119libssh2 http://www.libssh2.org/
120
121        (Used for scp and sftp support) libssh2 uses a Modified BSD-style
122        license.
123
124[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html
125[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
126      how to write such an exception to the GPL
127[3] = LGPL - GNU Lesser General Public License:
128      https://www.gnu.org/licenses/lgpl.html
129[4] = MPL - Mozilla Public License:
130      https://www.mozilla.org/MPL/
131