I do not think that you need to have a working GSS setup to test this class of bugs. These bugs are about changes of behavior in cases where HTTPAUTH_GSSNEGOTIATE is enabled but no valid GSS credentials (or even configuration) are available.
Before 6c60355 there was either no failure at all (because gss_init_sec_context() was not called unless the server asked for GSS-based authentication) or the failure of gss_init_sec_context() did not result in a failed transfer (because the HTTP request succeeded without any authentication in the end).
It is not only --fail that is broken. If HTTPAUTH_GSSNEGOTIATE is used for a POST request and gss_init_sec_context() fails, the POST request is now sent with an empty body. I am experimenting with the following patch:

If HTTPAUTH_GSSNEGOTIATE was used for a POST request and
gss_init_sec_context() failed, the POST request was sent
with an empty body. This commit also restores the original
behavior of `curl --fail --negotiate`, which was changed
by commit 6c60355.
Add regression tests 2077 and 2078 to cover this.