Add disabled certificate check support to IceServer PeerConnection API.

webrtc/api/peerconnectioninterface.h

Index: webrtc/api/peerconnectioninterface.h
diff --git a/webrtc/api/peerconnectioninterface.h b/webrtc/api/peerconnectioninterface.h
index 54fae2b71107398b6938e1b4c2797c00044ce4c8..02875cc3766cbe487c2770ef16281c0c3e3c9b61 100644
--- a/webrtc/api/peerconnectioninterface.h
+++ b/webrtc/api/peerconnectioninterface.h
@@ -169,12 +169,18 @@ class PeerConnectionInterface : public rtc::RefCountInterface {
     kIceConnectionMax,
   };
 
+  enum TlsCertificatePolicy {
+    kTlsCertPolicySecure,
+    kTlsCertPolicyInsecureNoCheck,

[Taylor Brandstetter, 2016/12/08 01:36:40]

Add comments explaining what each of these values implies.

[hnsl1, 2016/12/12 16:08:13]

Done.

+  };
+
   struct IceServer {
     // TODO(jbauch): Remove uri when all code using it has switched to urls.
     std::string uri;
     std::vector<std::string> urls;
     std::string username;
     std::string password;
+    TlsCertificatePolicy tls_certificate_policy;

[pthatcher1, 2016/12/07 21:29:35]

Again, this shouldn't be an ICE server attribute.  It should be something passed
in from PeerConnection's RTCConfig that then goes down into the PortAllocator. 
There are a lot of similar such things, as you can see here:

https://cs.chromium.org/chromium/src/third_party/webrtc/api/peerconnection.cc...

[Taylor Brandstetter, 2016/12/08 01:36:40]

I'd have this default to kTlsCertPolicySecure, as an extra precaution.

[hnsl1, 2016/12/12 16:08:13]

Done.

[hnsl1, 2016/12/12 16:08:13]

Nack, see my other response about API design.

   };
   typedef std::vector<IceServer> IceServers;