rsync & SSL 'for real'

Jamie Lokier jamie at shareable.org
Sat Apr 21 22:00:18 GMT 2007


Andreas Kotes wrote:
> > >> There is no license issue.
> 
> There would be a serious licence issue the other way round, but BSD is a
> tad more permissive than the GPL is, so - no problem there BUT: there is
> an advertisement clause, so rsync would need to display certain messages
> when compiled with OpenSSL.

The modern BSD licenses, which are compatible with the GPL, are not
the same as OpenSSL's license, which is more like the _original_ BSD
license which isn't compatible with the GPL.

Any advertisement clause is widely considered to conflict with the
GPL's "no further restrictions" clause.

This conflict is important enough that Berkeley changed the BSD
license used for BSD itself, and FreeBSD changed their license, and so on.

The OpenSSL FAQ has a section on this question:

     * Can I use OpenSSL with GPL software?

     On many systems including the major Linux and BSD distributions,
     yes (the GPL does not place restrictions on using libraries that
     are part of the normal operating system distribution).

     On other systems, the situation is less clear. Some GPL software
     copyright holders claim that you infringe on their rights if you
     use OpenSSL with their software on operating systems that don't
     normally include OpenSSL.

     If you develop open source software that uses OpenSSL, you may
     find it useful to choose an other license than the GPL, or state
     explicitly that "This program is released under the GPL with the
     additional exemption that compiling, linking, and/or using
     OpenSSL is allowed."  If you are using GPL software developed by
     others, you may want to ask the copyright holder for permission
     to use their software with OpenSSL.

The FSF's considered position is that OpenSSL is incompatible with the
GPL.  They say:

     The license of OpenSSL is a conjunction of two licenses, one of
     them being the license of SSLeay. You must follow both. The
     combination results in a copyleft free software license that is
     incompatible with the GNU GPL. It also has an advertising clause
     like the original BSD license and the Apache license.

     We recommend using GNUTLS instead of OpenSSL in software you
     write. However, there is no reason not to use OpenSSL and
     applications that work with OpenSSL.

I think libcurl supports both OpenSSL and GNUTLS for these sorts of
reasons.

-- Jamie


More information about the rsync mailing list