Ref #1130 - Partial revert of c5ba541 / #904 to allow cert detection …

…in bad ssl

While using a standard HTTP client is good, it does mean we
can't connect to some very obscure setups with it anymore.
In the case of cert detection, the HTTP client was exclusively
used for guessing if there even is any SSL, while the rest of the
code can still handle very bad configs.

As we needed our legacy clients in a few places anyways until
finishing #714, this commit reverts the cert check back to
the legacy client, allowing cert checks in these very bad configs.

checks/tasks/tls.py

@@ -1642,10 +1642,14 @@ def cert_checks(url, mode, task, af_ip_pair=None, starttls_details=None, *args,
         if mode == ChecksMode.WEB:
             # First try to connect to HTTPS. We don't care for
             # certificates in port 443 if there is no HTTPS there.
-            http_get_ip(
-                hostname=url,
-                ip=af_ip_pair[1],
+            http_fetch(
+                url,
+                af=af_ip_pair[0],
+                path="",
                 port=443,
+                ip_address=af_ip_pair[1],
+                depth=MAX_REDIRECT_DEPTH,
+                task=web_cert,
             )
             debug_cert_chain = DebugCertChain
             conn_wrapper = HTTPSConnection
@@ -1681,7 +1685,7 @@ def cert_checks(url, mode, task, af_ip_pair=None, starttls_details=None, *args,
             verify_score, verify_result = starttls_details.trusted_score
             debug_chain = starttls_details.debug_chain
             conn_port = starttls_details.conn_port
-    except (OSError, requests.RequestException, NoIpError, ConnectionHandshakeException, ConnectionSocketException):
+    except (OSError, http.client.BadStatusLine, NoIpError, ConnectionHandshakeException, ConnectionSocketException):
         return dict(tls_cert=False)
 
     if debug_chain is None: