
Issue 814911

Starred by 5 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Bad proxy TLS client auth certificates are not cleared

Project Member Reported by davidben@chromium.org, Feb 22 2018

Issue description

I noticed this just by looking at the code.
https://cs.chromium.org/chromium/src/net/http/http_network_transaction.cc?rcl=c44b213c387dffb50a742ce538b71fa5012a36a0&l=1517

We never clear the corresponding proxy bits. Plumbing this information is a little tricky, but thankfully we don't allow renego on HTTP tunnel sockets, so we just need to know whether the error happened while establishing the tunnel or not.

The other tricky part is getting the hostname to clear. We probably can stash it from the SSLCertRequestInfo if not available more directly. In fact, if it is a non-tunneling HTTP proxy (so GET http://example.com HTTP/1.1) that's served over HTTPS, I believe we get the host to clear wrong.

Interestingly, this case also doesn't set is_proxy. We probably should rename is_proxy to is_tunnel and proxy_ssl_config_ to tunnel_ssl_config_.

I had thought this would affect the Google corp use case, but chatting with folks, it sounds like it might not? Regardless, probably worth fixing.
 
Cc: rsleevi@chromium.org rch@chromium.org
Issue 69329 has been merged into this issue.
