diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 8e0424841..3604454f0 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1024,6 +1024,21 @@ static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
 		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
 
 #ifdef CONFIG_IEEE80211R
+#ifdef CONFIG_SME
+	if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
+		u8 bssid[ETH_ALEN];
+		if (wpa_drv_get_bssid(wpa_s, bssid) < 0 ||
+		    wpa_ft_validate_reassoc_resp(wpa_s->wpa,
+						 data->assoc_info.resp_ies,
+						 data->assoc_info.resp_ies_len,
+						 bssid) < 0) {
+			wpa_printf(MSG_DEBUG, "FT: Validation of "
+				   "Reassociation Response failed");
+			/* TODO: force disconnection? */
+		}
+	}
+#endif /* CONFIG_SME */
+
 	p = data->assoc_info.resp_ies;
 	l = data->assoc_info.resp_ies_len;
 
@@ -1551,6 +1566,7 @@ static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data,
 		bss = wpa_bss_get_bssid(wpa_s, target_ap_addr);
 		if (bss)
 			wpa_s->sme.freq = bss->freq;
+		wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT;
 		sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr,
 			      WLAN_AUTH_FT);
 	}
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 1853d2305..f3bd3bbbb 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -222,6 +222,7 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
 	if (old_ssid != wpa_s->current_ssid)
 		wpas_notify_network_changed(wpa_s);
 
+	wpa_s->sme.auth_alg = params.auth_alg;
 	if (wpa_drv_authenticate(wpa_s, &params) < 0) {
 		wpa_msg(wpa_s, MSG_INFO, "Authentication request to the "
 			"driver failed");
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index bc565175f..49ae1ccdb 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -414,6 +414,7 @@ struct wpa_supplicant {
 		size_t ft_ies_len;
 		u8 prev_bssid[ETH_ALEN];
 		int prev_bssid_set;
+		int auth_alg;
 	} sme;
 #endif /* CONFIG_SME */