--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -393,54 +393,16 @@ WriteLine(nsIOutputStream* outputStream,
       return NS_ERROR_FAILURE;
     }
     length -= bytesWritten;
     data += bytesWritten;
   }
   return rv;
 }
 
-// sort blocklist items into lists of serials for each issuer
-PLDHashOperator
-ProcessBlocklistEntry(BlocklistItemKey* aHashKey, void* aUserArg)
-{
-  BlocklistSaveInfo* saveInfo = reinterpret_cast<BlocklistSaveInfo*>(aUserArg);
-  CertBlocklistItem item = aHashKey->GetKey();
-
-  if (!item.mIsCurrent) {
-    return PL_DHASH_NEXT;
-  }
-
-  nsAutoCString encDN;
-  nsAutoCString encOther;
-
-  nsresult rv = item.ToBase64(encDN, encOther);
-  if (NS_FAILED(rv)) {
-    saveInfo->success = false;
-    return PL_DHASH_STOP;
-  }
-
-  // If it's a subject / public key block, write it straight out
-  if (item.mItemMechanism == BlockBySubjectAndPubKey) {
-    WriteLine(saveInfo->outputStream, encDN);
-    WriteLine(saveInfo->outputStream, NS_LITERAL_CSTRING("\t") + encOther);
-    return PL_DHASH_NEXT;
-  }
-
-  // Otherwise, we have to group entries by issuer
-  saveInfo->issuers.PutEntry(encDN);
-  BlocklistStringSet* issuerSet = saveInfo->issuerTable.Get(encDN);
-  if (!issuerSet) {
-    issuerSet = new BlocklistStringSet();
-    saveInfo->issuerTable.Put(encDN, issuerSet);
-  }
-  issuerSet->PutEntry(encOther);
-  return PL_DHASH_NEXT;
-}
-
 // Write issuer data to the output stream
 PLDHashOperator
 WriteIssuer(nsCStringHashKey* aHashKey, void* aUserArg)
 {
   BlocklistSaveInfo* saveInfo = reinterpret_cast<BlocklistSaveInfo*>(aUserArg);
   nsAutoPtr<BlocklistStringSet> issuerSet;
 
   saveInfo->issuerTable.RemoveAndForget(aHashKey->GetKey(), issuerSet);
@@ -506,17 +468,49 @@ CertBlocklist::SaveEntries()
   }
 
   rv = WriteLine(saveInfo.outputStream,
                  NS_LITERAL_CSTRING("# Auto generated contents. Do not edit."));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
-  mBlocklist.EnumerateEntries(ProcessBlocklistEntry, &saveInfo);
+  // Sort blocklist items into lists of serials for each issuer
+  for (auto iter = mBlocklist.Iter(); !iter.Done(); iter.Next()) {
+    CertBlocklistItem item = iter.Get()->GetKey();
+    if (!item.mIsCurrent) {
+      continue;
+    }
+
+    nsAutoCString encDN;
+    nsAutoCString encOther;
+
+    nsresult rv = item.ToBase64(encDN, encOther);
+    if (NS_FAILED(rv)) {
+      saveInfo.success = false;
+      break;
+    }
+
+    // If it's a subject / public key block, write it straight out
+    if (item.mItemMechanism == BlockBySubjectAndPubKey) {
+      WriteLine(saveInfo.outputStream, encDN);
+      WriteLine(saveInfo.outputStream, NS_LITERAL_CSTRING("\t") + encOther);
+      continue;
+    }
+
+    // Otherwise, we have to group entries by issuer
+    saveInfo.issuers.PutEntry(encDN);
+    BlocklistStringSet* issuerSet = saveInfo.issuerTable.Get(encDN);
+    if (!issuerSet) {
+      issuerSet = new BlocklistStringSet();
+      saveInfo.issuerTable.Put(encDN, issuerSet);
+    }
+    issuerSet->PutEntry(encOther);
+  }
+
   if (!saveInfo.success) {
     MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
            ("CertBlocklist::SaveEntries writing revocation data failed"));
     return NS_ERROR_FAILURE;
   }
 
   saveInfo.issuers.EnumerateEntries(WriteIssuer, &saveInfo);
   if (!saveInfo.success) {