Hi there!
I was wondering if any of you had had a try at using SSL encrypted
information in an SDL program (probably using SDL_net). As I understand it,
the problem here with SSL is again a problem with licenses, many libraries
available will ruin the licensing of my own program, rendering it impossible
to sell the program commercially.
Also, some other libraries supporting SSL suffer from portability
problems… for these reasons I am tempted to print the whole SSL RFC and
make my own implementation and licensing the stuff as LGPL, name it something
like SDL_sslnet or anything similar. But that is A LOT of work! Also
thinking that I’m not a math engineer, it also means A Lot of understanding
and the possibility for mistakes (which is unacceptable for a security
library like this!).
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
Thanks in advance!
Simon–
Simon Lemieux (Simon at Xhz.ca)
I’m really a newb when it comes to licensing but if SSL library licensing is
anything like SDL (i hope it is!), then maybe just dynamicly linking to it
should satisfy you being able to sell it commercialy? or is there some kind
of fee you have to give to use it in commercial products?> ----- Original Message -----
From: simon@xhz.ca (Simon)
To:
Sent: Wednesday, July 27, 2005 11:05 AM
Subject: [SDL] SSL and SDL
Hi there!
I was wondering if any of you had had a try at using SSL encrypted
information in an SDL program (probably using SDL_net). As I understand
it,
the problem here with SSL is again a problem with licenses, many libraries
available will ruin the licensing of my own program, rendering it
impossible
to sell the program commercially.
Also, some other libraries supporting SSL suffer from portability
problems… for these reasons I am tempted to print the whole SSL RFC and
make my own implementation and licensing the stuff as LGPL, name it
something
like SDL_sslnet or anything similar. But that is A LOT of work! Also
thinking that I’m not a math engineer, it also means A Lot of
understanding
and the possibility for mistakes (which is unacceptable for a security
library like this!).
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
I’m really a newb when it comes to licensing but if SSL library
licensing is anything like SDL (i hope it is!), then maybe just
dynamicly linking to it should satisfy you being able to sell it
commercialy? or is there some kind of fee you have to give to use it
in commercial products?
I cant believe how Hasty I am when starting a project! hehe
I forgot to mention that I did not yet start any research now for the
currently available libraries. But a while back, I did do some research and
they were not GPL or LGPL, one of them was clearly open source, demanding to
publish the code of the program using the library, and another was commercial
costing too much. The last I saw was LGPL but was soooo complicated that I
dropped the project. At that time, my project was more personnal and when I
saw the difficulty I moved to other more interesting projects for my hobby.
Now I got a professionnal project and I cant stop. I got to go through
this and as I said I would be ready to write my own lib.
Basically, I was asking at large what the SDL community had tried, to find
out what were the libraries available today. I prefer working with
references given by people like you than searching the internet for libraries.
Also, talking about licencing… If I were to build a server that would
use different libraries. Since the server will be used by the developer and
will not be distributed, do I still need to licence the product?
Thanks for all your help!–
Simon Lemieux (Simon at Xhz.ca)
Hi there!
I was wondering if any of you had had a try at using SSL encrypted
information in an SDL program (probably using SDL_net). As I understand it,
the problem here with SSL is again a problem with licenses, many libraries
available will ruin the licensing of my own program, rendering it impossible
to sell the program commercially.
I don’t know of very many libraries that do that, unless by “sell the
program commercially” you mean “not ship source code,” which isn’t
exactly the same thing.
Also, some other libraries supporting SSL suffer from portability
problems… for these reasons I am tempted to print the whole SSL RFC and
make my own implementation and licensing the stuff as LGPL, name it something
like SDL_sslnet or anything similar.
You can try GnuTLS, which is under the LGPL, same as SDL:
I’m not sure how portable it is though. It apparently compiles on Win32
with MinGW, as well as “most Unix platforms,” so Windows, Mac, and Linux
should be fine, at least.
Hi there!
I was wondering if any of you had had a try at using SSL encrypted
information in an SDL program (probably using SDL_net). As I understand it,
the problem here with SSL is again a problem with licenses, many libraries
available will ruin the licensing of my own program, rendering it impossible
to sell the program commercially.
Also, some other libraries supporting SSL suffer from portability
problems… for these reasons I am tempted to print the whole SSL RFC and
make my own implementation and licensing the stuff as LGPL, name it something
like SDL_sslnet or anything similar. But that is A LOT of work! Also
thinking that I’m not a math engineer, it also means A Lot of understanding
and the possibility for mistakes (which is unacceptable for a security
library like this!).
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
“The OpenSSL toolkit is licensed under an Apache-style licence[1], which
basically means that you are free to get and use it for commercial and
non-commercial purposes subject to some simple license conditions.”
I don’t know of very many libraries that do that, unless by “sell
the program commercially” you mean “not ship source code,” which
isn’t exactly the same thing.
I think, if I remember right that the library that I was interested in were
GPL, which ask to provide the source code of the program so that other people
can make modifications to it. And at that time, my project would have been
threatened by the possibility of hackers making fool-copies of the program
and distributing them causing great security concern for the project. In
this way, I could not afford the source code to be published or even given to
any individuals, the source code of the program (my former project) was in
the category of the industrial secrets.
But this time it’s different as I will probably publish the source code to
some security groups that will evaluate the security level of the software
and so on…
I’ve never got the “AH! Now I understand!” kind of feeling when reading any
kind of licenses… Possibly because english is not my first language and
because i never consulted a lawyer. Anyway, I dont really wish to orient the
discussion over licenses as I just wanted to see what were the available
opportunities.
You can try GnuTLS, which is under the LGPL, same as SDL:
I’m not sure how portable it is though. It apparently compiles on
Win32 with MinGW, as well as “most Unix platforms,” so Windows, Mac,
and Linux should be fine, at least.
Seems pretty much what I’m looking for, for my current project. Taking note
of it!
Thanks very much!–
Simon Lemieux (Simon at Xhz.ca)
“The OpenSSL toolkit is licensed under an Apache-style licence[1],
which basically means that you are free to get and use it for
commercial and non-commercial purposes subject to some simple
license conditions.”
"If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitly
that “This program is released under the GPL with the additional exemption
that compiling, linking, and/or using OpenSSL is allowed.” If you are using
GPL software developed by others, you may want to ask the copyright holder
for permission to use their software with OpenSSL. "
Do you think that a LGPL library such as SDL would give same problems than
this?
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
OpenSSL can be used with commercial, closed source software, and also
with LGPL software such as SDL_net.
I’ve used libcurl which (can) uses OpenSSL and SDL all in one
application. Most LGPL libraries you’re safe with (for
commercial/don’t want to release source) as long as you’re using
DLL/Dynamic libs. If you’re going to statically link, things can be a
bit more complicated.
Cheers.
CaseyOn 7/28/05, Ryan C. Gordon wrote:
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
OpenSSL can be used with commercial, closed source software, and also
with LGPL software such as SDL_net.
Thank you Ryan, I am in the process of convincing my partners to look at this
OpenSSL to make it our standard. I’ll keep an eye for other libraries, but
I’m sure already this might be the good solution.
Thanks again!On Thu, 28 Jul 2005 01:20:14 -0400, Ryan C. Gordon wrote
I was wondering if any of you had comments, suggestions, knew a good
library that was also LGPL or that could fit a commercial library. Or if
not, I may start working on a lib of my own, and if you’re interested in
contributing, please contact me (or reply to this list) as well.
OpenSSL can be used with commercial, closed source software, and also
with LGPL software such as SDL_net.
Thanks Casey,
I’m already aware of the dynamic/static discussions, but I’m sticking to
dynamic compilation because 1) it’s easier and 2) complies perfectly with
licences. I may wish to move the library to a different place than the EXE
under windows. I think we can actually install SDL on the operating system.
But that’s far from being decided and in the meantime, we’ll stick with
everything as dynamic in the same directory.
Thanks.On Thu, 28 Jul 2005 09:59:14 -0400, Casey ODonnell wrote
I’ve used libcurl which (can) uses OpenSSL and SDL all in one
application. Most LGPL libraries you’re safe with (for
commercial/don’t want to release source) as long as you’re using
DLL/Dynamic libs. If you’re going to statically link, things can be a
bit more complicated.