WebRTC uses DTLS in two ways:
The W3C WebRTC API represents this as the DtlsTransport.
The DTLS handshake happens after the ICE transport becomes writable and has found a valid pair. It results in a set of keys being derived for DTLS-SRTP as well as a fingerprint of the remote certificate which is compared to the one given in the SDP
This documentation provides an overview of how DTLS is implemented, i.e how the following classes interact.
webrtc::DtlsTransport class is a wrapper around the
cricket::DtlsTransportInternal and allows registering observers implementing the
webrtc::DtlsTransportObserverInterface will provide updates to the observers, passing around a snapshot of the transports state such as the connection state, the remote certificate(s) and the SRTP ciphers as
cricket::DtlsTransportInternal class is an interface. Its implementation is
cricket::DtlsTransport sends and receives network packets via an ICE transport. It also demultiplexes DTLS packets and SRTP packets according to the scheme described in RFC 5764.