• AVR Freaks

Helpful ReplyHot!WolfSSL License Question

Author
Tim Cruise
Junior Member
  • Total Posts : 94
  • Reward points : 0
  • Status: offline
2019/04/14 11:02:02 (permalink)
0

WolfSSL License Question

Dear All,
I learn that if we deploy SSL in an embedded MCU project, we will choose WolfSSL.
 
Then, I read their page and find that I have to pay them license fee if my project does not meet GPLv2 requirement.
 
Now, the problem is - I do not understand GPLv2 license term well.  I also know that in certain cases, a commercial project can still use GPLv2 for free if they do not alter the original source files.
 
So, if I do not alter WolfSSL original source files and compile it into my final product MCU, do I have to pay them license fee?   pink
 
 
Thanks for your attention.
#1
NKurzman
A Guy on the Net
  • Total Posts : 17614
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: offline
Re: WolfSSL License Question 2019/04/14 12:05:29 (permalink)
5 (1)
You can contact them to be sure, but as a commercial product assume you have to pay.
#2
mlp
boots too small
  • Total Posts : 777
  • Reward points : 0
  • Joined: 2012/09/10 15:12:07
  • Location: previously Microchip XC8 team
  • Status: offline
Re: WolfSSL License Question 2019/04/15 08:23:52 (permalink) ☄ Helpfulby Tim Cruise 2019/04/15 08:42:53
5 (2)
HKPhysicist
Now, the problem is - I do not understand GPLv2 license term well.  I also know that in certain cases, a commercial project can still use GPLv2 for free if they do not alter the original source files.
 
So, if I do not alter WolfSSL original source files and compile it into my final product MCU, do I have to pay them license fee?   pink

I Am Not A Lawyer. (You should certainly consult a lawyer who specializes in Intellectual Property.)
 
As I understand GPLv2, if you link GPLv2 code with your own code and distribute the result, then your project must itself be released under GPLv2, i.e. you must make the source available for at most a reasonable fee and place no more-restrictive conditions on what the recipient does with it, i.e. they may then give it (your code) away or even sell it, just as you were permitted to do with the (other) GPLv2 code you brought in.

Mark (this opinion available for hire)
#3
malaugh
Super Member
  • Total Posts : 399
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: online
Re: WolfSSL License Question 2019/04/15 12:02:02 (permalink) ☄ Helpfulby Tim Cruise 2019/04/16 20:35:30
5 (2)
My understanding is the same as mlp.  If you use the library in a commercial product, then all source code, the Wolf SSL and you own source code, must be published as an open source project.  The alternative is to pay the license fee.
 
We also looked into the licensing of WolfSSL, and decided we were not willing to open source our code, or pay the license fee, so we used another library called mbedTLS, which is licensed under Apache2 which means you do not need to publish your source code.
 
We use our own code, but a great alternative is to used the Amazon FreeRTOS libraries.  They have pre-built demo code for a PIC32 and includes all the components necessary to connect your device with AWS (Amazon Web Services), and their libraries also use mbedTLS for security.
 
Look at https://docs.aws.amazon.com/freertos/latest/userguide/porting-security.html
 
#4
Tim Cruise
Junior Member
  • Total Posts : 94
  • Reward points : 0
  • Status: offline
Re: WolfSSL License Question 2019/04/16 20:39:34 (permalink)
0
malaugh,
mbedTLS sounds so good!  But I can't see in inside Harmony 2.0.6 and Harmony 3.  Must we implement it manually by ourselves?
#5
friesen
Super Member
  • Total Posts : 2066
  • Reward points : 0
  • Joined: 2008/05/08 05:23:35
  • Location: Indiana, USA
  • Status: offline
Re: WolfSSL License Question 2019/04/17 08:46:19 (permalink)
0
BearSSL is also a valid alternative. AWS has more mbedTLS info though, it is probably easier if you aren't wanting to code it in.
 
I think mbedTLS is aimilar to apache?  where BearSSL is mit.

Erik Friesen
#6
NKurzman
A Guy on the Net
  • Total Posts : 17614
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: offline
Re: WolfSSL License Question 2019/04/17 09:02:33 (permalink)
0
The Harmony Stack has a layer called the Net Presentation Layer (netpress) That is where encryption would connect to Harmony.
#7
malaugh
Super Member
  • Total Posts : 399
  • Reward points : 0
  • Joined: 2011/03/31 14:04:42
  • Location: San Diego
  • Status: online
Re: WolfSSL License Question 2019/04/18 07:42:21 (permalink)
5 (1)
HKPhysicist
malaugh,
mbedTLS sounds so good!  But I can't see in inside Harmony 2.0.6 and Harmony 3.  Must we implement it manually by ourselves?


You have two choices.
 
1) Use Harmony to generate the code, then swap out the WolfSSL library for the mbedTLS library.  I do not know how big a job this will be.
 
2) Use the non-harmony Amazon demo project (which includes mbedTLS) as the starting point, and modify it to suit your requirements.
 
 
 
 
#8
Tim Cruise
Junior Member
  • Total Posts : 94
  • Reward points : 0
  • Status: offline
Re: WolfSSL License Question 2019/04/20 17:11:48 (permalink)
0
Hey Guys and Girls!
I have found an open-source solution for those who only needs AES encryption -
https://github.com/kokke/tiny-AES-c
 
Check it out.  I am studying.  mr green: mr green
#9
Jump to:
© 2019 APG vNext Commercial Version 4.5