Gentle reminder: it's almost a month since a started this thread, but the external pyca and krb5 tests are still failing. Apart from complicating the review process, it also happens that people are noticing the failures and are hesitating to update to the current tip of master [1].
IMHO chronically failing tests should be deactivated and an issue created for fixing them. Matthias [1] https://github.com/openssl/openssl/issues/9866#issuecomment-565714221
