[openssl-users] [openssl-announce] OpenSSL Versioning and License

Jonathan Larmour jifl at eCosCentric.com
Wed Nov 28 22:42:44 UTC 2018

On 28/11/18 21:41, Daniel Kahn Gillmor wrote:
> On Wed 2018-11-28 19:54:34 +0000, Jonathan Larmour wrote:
>> On 28/11/18 17:02, Matt Caswell wrote:
>>> Please see the following blog post about OpenSSL Versioning and License:
>>> https://www.openssl.org/blog/blog/2018/11/28/version/
>> :-(
>> The Apache license is incompatible with GPLv2:
>> https://www.apache.org/licenses/GPL-compatibility.html
>> Those of us using GPLv2 code in products will no longer be able to use
>> OpenSSL. For many of us, GPLv3 is not an option.
> The existing OpenSSL license is arguably incompatible with GPLv2 anyway,
> in some analyses:
>    https://people.gnome.org/~markmc/openssl-and-the-gpl.html

Yes I believe any GPLv2 users have been relying on a license exception. I'm
not sure the license exception in the GPL software I'm using would be
sufficient if calls to OpenSSL are made from the GPL'd code:

"As a special exception, if other files instantiate templates or use macros or
inline functions from this file, or you compile this file and link it with
other works to produce a work based on this file, this file does not by itself
cause the resulting work to be covered by the GNU General Public License.[...]"

If my own (non-GPL) code calls OpenSSL, that seems fine. But what if I have
modified the GPL'd (with exception) code to call OpenSSL?

> That said, I also would have liked something that is GPLv2-compatible in
> addition to GPLv3-compatible.

Yes, that would have made things unambiguous.


More information about the openssl-users mailing list