1License Mixing 2============== 3 4libcurl can be built to use a fair amount of various third party libraries, 5libraries that are written and provided by other parties that are distributed 6using their own licenses. Even libcurl itself contains code that may cause 7problems to some. This document attempts to describe what licenses libcurl and 8the other libraries use and what possible dilemmas linking and mixing them all 9can lead to for end users. 10 11I am not a lawyer and this is not legal advice! 12 13One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) 14licensed code is not allowed to be linked with code licensed under the 15[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the 16announcement clause). You may still build your own copies that use them all, 17but distributing them as binaries would be to violate the GPL license - unless 18you accompany your license with an 19[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This 20particular problem was addressed when the [Modified BSD 21license](https://opensource.org/licenses/BSD-3-Clause) was created, which does 22not have the announcement clause that collides with GPL. 23 24## libcurl 25 26 Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is 27 very liberal. 28 29## OpenSSL 30 31 (May be used for SSL/TLS support) Uses an Original BSD-style license with an 32 announcement clause that makes it "incompatible" with GPL. You are not 33 allowed to ship binaries that link with OpenSSL that includes GPL code 34 (unless that specific GPL code includes an exception for OpenSSL - a habit 35 that is growing more and more common). If OpenSSL's licensing is a problem 36 for you, consider using another TLS library. 37 38## GnuTLS 39 40 (May be used for SSL/TLS support) Uses the 41 [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem 42 for you, consider using another TLS library. Also note that GnuTLS itself 43 depends on and uses other libs (libgcrypt and libgpg-error) and they too are 44 LGPL- or GPL-licensed. 45 46## WolfSSL 47 48 (May be used for SSL/TLS support) Uses the GPL license or a proprietary 49 license. If this is a problem for you, consider using another TLS library. 50 51## NSS 52 53 (May be used for SSL/TLS support) Is covered by the 54 [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL 55 license. You may choose to license the code under MPL terms, GPL terms, or 56 LGPL terms. These licenses grant you different permissions and impose 57 different obligations. You should select the license that best meets your 58 needs. 59 60## mbedTLS 61 62 (May be used for SSL/TLS support) Uses the [Apache 2.0 63 license](https://opensource.org/licenses/Apache-2.0) or the GPL license. 64 You may choose to license the code under Apache 2.0 terms or GPL terms. 65 These licenses grant you different permissions and impose different 66 obligations. You should select the license that best meets your needs. 67 68## BoringSSL 69 70 (May be used for SSL/TLS support) As an OpenSSL fork, it has the same 71 license as that. 72 73## libressl 74 75 (May be used for SSL/TLS support) As an OpenSSL fork, it has the same 76 license as that. 77 78## BearSSL 79 80 (May be used for SSL/TLS support) Uses an MIT license that is very liberal 81 and imposes no restrictions on any other library or part you may link with. 82 83## c-ares 84 85 (Used for asynchronous name resolves) Uses an MIT license that is very 86 liberal and imposes no restrictions on any other library or part you may link 87 with. 88 89## zlib 90 91 (Used for compressed Transfer-Encoding support) Uses an MIT-style license 92 that shouldn't collide with any other library. 93 94## MIT Kerberos 95 96 (May be used for GSS support) MIT licensed, that shouldn't collide with any 97 other parts. 98 99## Heimdal 100 101 (May be used for GSS support) Heimdal is Original BSD licensed with the 102 announcement clause. 103 104## GNU GSS 105 106 (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not 107 distribute binary curl packages that uses this if you build curl to also link 108 and use any Original BSD licensed libraries! 109 110## libidn 111 112 (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL 113 is a variation of GPL with slightly less aggressive "copyleft". This license 114 requires more requirements to be met when distributing binaries, see the 115 license for details. Also note that if you distribute a binary that includes 116 this library, you must also include the full LGPL license text. Please 117 properly point out what parts of the distributed package that the license 118 addresses. 119 120## OpenLDAP 121 122 (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses 123 OpenLDAP as a shared library only, I have not heard of anyone that ships 124 OpenLDAP linked with libcurl in an app. 125 126## libssh2 127 128 (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. 129