[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

GPL and OpenSSL in libs3


I've recently been discussing[1] with another developer his libs3
library - a library to access amazon's S3. It is licensed under the
GPLv3, but links to curl, which in turn links to openssl. It's
possible to port libs3 to use curl+libgnutls instead (although not as
easy as rebuilding curl, as libs3 makes use of certain cryptographic
primitives itself), but the result breaks on windows.

Although libs3's copyright holder is willing to add an exemption to
the license to allow openssl to link, this would not seem to
automatically cover the library's users. My questions are, then:

1) If the library is conditionally compilable against either
curl+openssl or curl+gnutls, only dynamically links against either
(neither the library nor user executables would directly reference
openssl or its symbols), and doesn't make direct use of the library
(the aforementioned crypto primitives can be replaced with public
domain reference implementations), wouldn't this be sufficient to make
the library's users not derivative works of openssl, and thus allow
ordinary GPL code to link?
2) If not, is there a recommended way to deal with this situation?
As-is, since the library is GPL, not LGPL, not even BSD code can make
use of it - only this special "GPLv3 with OpenSSL exception" license;
and although the curl+gnutls route is unencumbered, it would make it
all too easy to accidentally build against curl+openssl on windows,
and produce an unredistributable binary without realizing.

Any advice would be appreciated.


Bryan Donlan

[1] - http://developer.amazonwebservices.com/connect/thread.jspa?threadID=23723&start=0&tstart=0

Reply to: