[pjsip] tls licence question, possible violation

Vittorio Giovara vittorio.giovara at savoirfairelinux.com
Wed May 7 12:05:02 EDT 2014


according to my understanding PJSIP is released under GPL and 
proprietary licence. Since a few version there is a TLS implementation 
that relies on OpenSSL, which features a 4-clause BSD and a Apache 1.1 
GPL-incompatible licence. [1]

Right now this constitutes also a violation of the Debian DFSG. [2] It's 
point #1 in "Serious violations (direct rejects even if we only find one 

The usual workaround is to add a linking exception for OpenSSL to the 
"offending" file but I believe that a more long term solution would be 
to port the TLS code to GNUTLS, which is a LGPL-licensed project. [3] 
This is preferred as it would allow statically linking the pjproject 
libraries too (something that should be done even with the linking 
exception). Alternatively there could be a second implementation relying 
on GNUTLS that is enabled by default, letting OpenSSL active only upon 
request (or for the proprietary distribution).

Do you think you could look into this?

[1] https://people.gnome.org/~markmc/openssl-and-the-gpl.html
[2] https://ftp-master.debian.org/REJECT-FAQ.html
[3] http://www.gnutls.org/

More information about the pjsip mailing list